SSH and the Ubuntu Server

[Thierry Carrez]

Clint Byrum wrote:
> +1 for adding this prompt
> -1 for having it default to Yes.

I tend to agree with Clint.

The prompt gives exposure to the choice, makes a statement that you
should really consider this essential package, and sidesteps the issue
of experienced people coming from other distros and expecting it by
default (those people read the install screens).

Defaulting to "no" avoids the security policy issue, protects
unsuspecting users (those who don't read the install screens), and it's
not the only question you have to consciously change to get a good
install ("ready to wipe your disks ?" comes to mind).

If you want to default to "yes", this ends up being a "Security policy"
vs. "What a minimal Ubuntu Server should contain" discussion, which
should be pushed to the Technical Board for decision. The current
situation is not the result of "maintaining the way it's always been
done 'round here" (like your Gorilla plug seems to imply), but the
result of conscious security policy choices that made Ubuntu arguably
the most secure Linux distribution (like Kees explained). Those can be
changed, but that implies the Technical Board.

That said, I don't feel very strongly either way :)

-- 
Thierry Carrez
Ubuntu core developer