So Trisquel is an operating system which, for three years now according to
https://trisquel.info/en/forum/ssh-server-enabled-default, has allowed for
the installation of a desktop environment, which one could logically assume
will be widely used by people who may not be versed in services and security
and simply want a free desktop operating system with a graphical user
interface, that opens up a listening port on all network interfaces by
default, which allows communication to a commonly attacked and exploited
service, without warning the user, and in fact, giving them the impression
that no such condition exists?
For those who have influence over this project, please, for the integrity of
the Trisquel project, change this behavior so that some poor ignorant user
doesn't install the Trisquel Desktop Environment, set their account to a
username of "bob" with a password of "bob", and have NO idea that their
system is potentially open to compromise.
I am happy to do whatever I can to have this behavior changed. Screenshots,
documentation, discussion, etc. The _ONLY_ reason that I stumbled upon this
was by sheer accident. I look forward to a civil and considerate discussion.
