On Tue, 8 Nov 2022 17:37:59 +0100, Stefan Seyfried wrote:
On 08.11.22 01:04, Jim Henderson wrote:
Everyone did, it seems. And of course using su is always an option. But consider that there are people who (for better or worse) will use sudo in automated processes as well - and who won't find out until their systems start failing.
I don't think the default configuration allows anything automated without password or such for anyone, so this will not be broken.
Well, that's good.
And the good thing in this case is, that the "old" (now again current...) config needed the root password to become root. So everyone could just use "su" to fix up their systems and nobody got locked out.
Yes, but still, messing about with someone's configuration without telling them is just not a good idea.
Wold the change have been the other way round (users password required before, now the root password), then it would have been way more likely to end up locking someone out of his own system
Possibly, but with physical access, there's almost always a way in. But again, if we hold to the principle of not changing a system's behavior post-installation, then we're not going to run that risk at all.
We should at least (at the very minimum) do them the courtesy of advertising it on the systems they're using so they know. To have it be a completely silent change in behaviour is just simply unacceptable to me.
I guess this is more or less universally agreed on ;-) and that's probably the reason why this was reverted quickly.
I personally have no special preference: I'm using the "defaults targetpw" on SUSE systems and the "normal" setup on debian systems. But a change like that certainly needs a "loud" announcement :-)
Yeah, I don't particularly have a preference other than it's my system, it's set up, so leave it alone, and if it must be changed for a really good reason, tell me during the upgrade. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits