that darned ROOT problem

[Janne Jokitalo]

Bo Grimes wrote:
>> Without root password, you at least get away with random
>> attacks that try common usernames with passwords like 'admin',
>> 'password' or the like. You get the picture.
> 
> So how does Ubuntu's way prevent that if this were the case?

Err... isn't it self-explanatory? There is no root password -> you cannot
login on that account.

>> The average user joe might very well put something very simple for root's
>> password, since there's then another thing to remember, and since everyone
>> always warns not to use those yellow notes attached to monitor side, well... :)
> 
> How is Ubuntu's way more secure if this were the case?

Ummm.... I get the feeling now that you just don't want to appreciate this.
Echoing one question over and over won't get us anywhere. I'm done with this
subject, after this email, unless you're taking this to some direction.

>> So you see, it's not that simple. This is a well thought-out approach, and
>> I'd wait a long while gathering experiences before go and change it
>> due to few people disagreeing with it.
> 
> The fact here is that Ubuntu is changing it from the standard practice
> for Linux distros, and I have 6 years and dozens of distos of experience.

And I'm sure many of Ubuntu's core developers have even more so, and they're
still going by this approach. Think it's just for the heck of it?

I dunno, could be. Still, I'd gather some more evidence for research purposes.


-- 
Jaska