Package: lxc
Version: 1:2.0.3-1
Severity: normal

Hi,

I saw the sentence added to the README.Debian claiming that "Most templates ship without a root password", but this seems false.

Looking at the other templates, it seems that a lot of them (i.e. Fedora/CentOS) are setting a root password; basically only Ubuntu and Debian are now not doing so.

Moreover, there is an effort on their side to make the default images more secure:
https://fedoraproject.org/wiki/LXC_Template_Security_Improvements

Shouldn't Debian follow the scheme used by Fedora/CentOS to set the root password? Or at least generate a default random password?

The extra actions needed to set a root password after the installation of the image are not completely obvious.

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.39
ii  libapparmor1         2.10.95-4
ii  libc6                2.23-2
ii  libcap2              1:2.25-1
ii  liblxc1              1:2.0.3-1
ii  libseccomp2          2.3.1-2
ii  libselinux1          2.5-3
ii  python3              3.5.1-4
pn  python3:any          <none>

Versions of packages lxc recommends:
ii  bridge-utils   1.5-9
ii  cgmanager      0.41-2
ii  debootstrap    1.0.81
ii  dnsmasq-base   2.76-2
ii  iptables       1.6.0-2
pn  libpam-cgfs    <none>
ii  lxcfs          2.0.2-1
ii  openssl        1.0.2h-1
ii  rsync          3.1.1-3
ii  uidmap         1:4.2-3.1

Versions of packages lxc suggests:
pn  apparmor     <none>
ii  btrfs-tools  4.5.2-1
ii  lua5.2       5.2.4-1
ii  lvm2         2.02.160-1

-- no debconf information