![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1205094 http://bugzilla.opensuse.org/show_bug.cgi?id=1205094#c11 --- Comment #11 from William Brown <william.brown@suse.com> --- Hi there,
"William, the change that you made affected TW users. Now all those who didn't touch the default settings have a broken sudo."
I did not make the change. I opened the original issue here: https://bugzilla.opensuse.org/show_bug.cgi?id=1203978 with internal references inside of SUSE, which states: """ The suggestion I would like to make to improve this is: * Yast2 should request if the first-user account is an administrative role rather than requesting that the first-user account password is duplicated for root. * If the first-user account is an administrative role, setting the root password is optional and locked by default. * If the first-user account is not created as an administrative role, then the root password is a requirement. * Sudo should be installed by default on JeOS/minimal installs. * sshd_config should set "PermitRootLogin no" by default. * sudoers by default should NOT contain the "defaults targetpw" line """ Additionally I involved both the sudo and yast maintainers for the feature development, as well as product management so they could coordinate and work with qe/qa, so that they could make the needed changes in coordination as well as testing it. I did not make the change. I highlighted that the default targetpw mode in SUSE and OpenSUSE in insecure and involved the needed parties. Please be careful when you make accusations like this, especially when they are incorrect. Mistakes happen. AutoQA is meant to catch and prevent this. This is clearly highlighting a failure in our tumbleweed testing. As a result, my input to Jason would be that: * We revert the change. * We attempt to understand why this error was missed in AutoQA and how that impacted the a new install. * That the Yast2 team is involved in the next time we attempt this update. -- You are receiving this mail because: You are on the CC list for the bug.