Philip Hands wrote: > Justin B Rye <justin.byam....@gmail.com> writes: >> It needs a small amount of rephrasing, but the most important problem >> is that it starts by saying you need to set a password and then goes >> on to suggest that you might not need to set a password. Maybe that >> can be fixed by rearranging things slightly... >> >> Template: passwd/root-password >> Type: password >> # :sl1: >> _Description: Root password/passphrase: >> To allow direct password/passphrase-based access to the 'root' >> (system administrative) account you can set it up here. >> The results can be disastrous if a malicious or incompetent user >> obtains root access, so you should not set one that can be guessed, >> found in dictionaries, or easily associated with you. >> . >> Alternatively, you can lock root's password >> by leaving this setting empty, and >> instead use the system's initial user account >> (which will be set up in the next step) >> to become root. This will be enabled for you >> by adding that user to the 'sudo' group. >> . >> Note: what you type here will be hidden (unless you select to show it). >> >> Does this still feel like the same advice? > > The reason behind that structure was supposed to be that one definitely > needs _a_ password, but not necessarily a root password, so the password > advice applies to whichever password you'll decide to grant root access > to, which might not be set here.
This template is specifically about the "Root password/passphrase"; probably I should have quoted the patch I was looking at, which starts with "One needs a password/passphrase that grants access to the 'root' (system administrative) account" but goes on to say "Alternatively, you can lock root's password by leaving this setting empty". > I'm OK with the way you've phrased it, although my personal preference > would be to simply drop the "disastrous" sentence if we use this > version, because I think it breaks the straightforward flow of the text > laying out the choice we're trying to get the user to make between the > two available options. (I also rather doubt that anything we say at this > point in the install will have the slightest influence on people's > choice of password). I can imagine people might be more likely to heed something shorter; maybe it could be boiled down to To allow direct password/passphrase-based access to the 'root' (system administrative) account you can set it up here. To protect your system you should not use one that can be guessed. -- JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package