Hi, Am 2. März 2024 21:07:34 MEZ schrieb Philip Hands <p...@hands.com>: > >This sentence is the thing that prompted me to change things in the >first place, because it is not true. One does not _need_ to set a root >password.
It should be understood as "If you want to enable login as root, you have to set a root password now." And in expert mode it is in fact working this way: At first, you are asked if you want to enable login as root. If you answer yes here, you are prompted to set a root password. And at that point it is indeed required to set a root password, since you chose to enable root login in the first question and the installer does not allow an empty password for root. To make it work in default install, we could change the question as in above citation. >I don't actually care very much whether we encourage sudo use. My >wording ended up (after many variations) quite strongly encouraging it >mostly as an antidote to the implication that comes from having a >question dedicated to setting the root password, but I'd be happy with >any wording that makes sure that people understand that both options are >totally fine. The sudo possibility is also mentioned: 'The root user should not have an empty password. If you leave this empty, the root account will be disabled and the system's initial user account will be given the power to become root using the "sudo" command.' I have rephrased that a bit, see below. >The other thing that I was trying to ensure is that people are reassured >that they'll get to specify a password that will get them root access even if >they decide to leave the root password unset. This is because I've seen >people become quite uncertain about what to expect at this point in the >install. > >I've found that it is not easy to come up with things that include much >nuance about this, while still fitting in the space available, which is >why I decided to try a more opinionated approach. > >One could soften what I wrote by replacing "generally recommended" with >something like "often appropriate" -- how does that seem to people? Your proposal too much focusses on the sudo way IMO. We risk getting complains from people, who miss advise regarding the enabled root login. I have rephrased the dialog a bit, to make the sudo way more visible and better understandable. >One can of course tinker with this stuff indefinitely. I actually spent >a fair amount of time wondering how best to describe not setting a root >password for instance -- should one say "leave the password unset", "set >an empty password", "enter no password", or something like "just hit ><RETURN>"? (and does that last one actually apply to all the available >UIs?). > >The same goes for how you say that the password is not going to get >shown (unless you ask for it to be shown), which in the GTK UI gets >characters replaced with dots, IIRC in the text UI its with asterisks, >and I'd guess it just gets completely hidden in the speech install. I think that's not much of a problem. People are used to the situation, that passwords are not shown, but replaced by asterisks or similar. And we have the checkbox for showing it in clear text, that should be enough. Updated patch attached. Holger
diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates index cdb6d78..7393511 100644 --- a/debian/user-setup-udeb.templates +++ b/debian/user-setup-udeb.templates @@ -34,21 +34,19 @@ Template: passwd/root-password Type: password # :sl1: _Description: Root password: - You need to set a password for 'root', the system administrative - account. A malicious or unqualified user with root access can have + If you want to allow login as root, you need to set a password for 'root', + the system administrative account now. + A malicious or unqualified user with root access can have disastrous results, so you should take care to choose a root password - that is not easy to guess. It should not be a word found in dictionaries, - or a word that could be easily associated with you. + that cannot be guessed. It should not be a word found in dictionaries, + or something that could be easily associated with you. . - A good password will contain a mixture of letters, numbers and punctuation - and should be changed at regular intervals. + You can also leave the password for root empty here, to disable the root + account; the system's initial user account (which will be set up in the next + step) will then be given the power to become root using the "sudo" command. . - The root user should not have an empty password. If you leave this - empty, the root account will be disabled and the system's initial user - account will be given the power to become root using the "sudo" - command. - . - Note that you will not be able to see the password as you type it. + Note that you will not be able to see the password as you type it (except if + you choose to show it in clear text). Template: passwd/root-password-again Type: password @@ -110,8 +108,7 @@ Template: passwd/user-password Type: password # :sl1: _Description: Choose a password for the new user: - A good password will contain a mixture of letters, numbers and punctuation - and should be changed at regular intervals. + Make sure to select a strong password, that cannot be guessed. Template: passwd/user-password-again Type: password
