On 11/24/2016 03:46 PM, Patrick Ohly wrote:
On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote:
Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and
there is no passwd, so that user can login easily without a passwd, I think
that current status is more unsafe ?
Both well-known password and no password are unsafe. User "root" with
password "root" is not even "more" safe already now, because tools that
brute-force logins try that. Choosing something else would be a bit
safer for a short while until the tools add it to their dictionary.
I meant add an interface to let user can set their password here.
// Robert
Poky is also targeting a different audience than OE-core. Poky can
assume to be used in a secure environment, OE-core can't (because it
might be used for all kinds of devices).
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
