> On Tuesday, 13 January 2015 3:06 AM, Miloslav Trmač wrote:
> (The general theme of this mail: Being flexible is fine, and establishing this
> through this discussion is great; however, ultimately the Change proposal needs
> to document the _specific outcome_ of that discussion.²)

  I understand, I'll do that.

> “Can be” or “will be”?  How?  It is vaguely worrying that the Change proposal 
> explicitly lists only the most trivial task to do (change a sshd.conf option) 
> and is only fairly generic about how other parts of the OS and users need to 
> and/or will adapt.

  Well, part of it was due to unknown use-cases of how users would be affected 
by this change. Otherwise, the immediate straightforward effect is that users 
would have to create & use non-root accounts first. I've tried to collate more 
details here -> https://www.piratepad.ca/p/ssh-remoterootloigin

> “Could conditionally“…  With my FESCo hat on, during the Change Checkpoints
> FESCo will need to know whether the Change is sufficiently complete or whether
> to fall back to the contingency plan.  Having a “Could conditionally” nailed
> down to yes or no would prevent general unhappiness if the respective package
> maintainers thought that they have done the right thing and FESCo during review
> suddenly decided that the right thing is the opposite.

  Right, I understand. It's 'could conditionally' because it's still an 
early-stage proposed change in workflow.

> So this proposal only helps if we hope that a bot won’t try the right user name;
> calling this security by obscurity is not too wide off the mark.


  I beg to differ here a little. Because nothing is stopping them from trying 
non-root accounts now and even with 'without-password' option, nothing changes 
for non-root accounts. The proposed change and use of 'PermitRootLogin' option 
is only to restrict remote 'root' access. IMO that's not obscurity.

So, we do seem to have consensus (at least no opposition) for the 
'PermitRootLogin=without-password' option. I'll update the feature page with it 
and details about the specific use-cases.

Thank you.
---
Regards
   -Prasad
http://feedmug.com
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct