Any service is potentially insecure, and sshd is intrinsically insecure because it is *designed* to let people login to a machine and start a shell.
By that definition, mingetty is an insecure service...so should I turn it off? Should SuSE not include it, either?
I don't think you are putting yourself in the place of a typical user. We want Linux to be available to everybody, right?
It is already available to anyone who wants to use it.
We want it to take over from Windows as the operating system of choice for a home user, don't we?
No...who said that?
I'm afraid we don't stand a chance if we demand that people be 'interested' in their system and wade through fat manuals.
If people don't care about their system, they should be prepared to accept the consequences of their descision. Sure, Windows may be a little less stable, a little more sluggish sometimes, and less configurable. But some people are prepared to accept those problems. Let them have it.
A typical user wants to run applications, play games, surf the net, that sort of thing. They are probably not used to the idea of setting a password so will set it to be the same as their name.
There are systems designed for just these sort of people...they're called Macs and Windows systems.
You are right that it is easy to look through rc.config and change things. But most users would never think of doing it.
That's why most users happily use Windows. I don't understand this weird uber-advocacy stance that says we have to convert every single Windows user to Linux and make Linux the one and only operating system on earth. It's completely irrational and goes against the very idea of having a choice of computer operating systems. If people aren't interested in learning the complexities of Linux systems, they are free to use Windows or Macs. If someone wants to sugar-coat Linux for them, that's fine, too. There are already distributions that try to do this (Mandrake, Storm). Just because they are doing it, doesn't mean SuSE needs to. SuSE has a nice balance where it is. -- Jeremy Buchmann