On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:
[cut]
> 
> ..we don't warn them before we drop them online on wired networks with 
> heads-0.2.  
> The vdev iso does this right though, it stays offline until you e.g. 
> run setnet.sh.
> 
> ..I agree this is a policy issue, and we should set it so at least
> clueless heads-0.2 etc people stay offline until they change their
> passwords away from the default ones.  
>
So this should be implemented by the distro policy, e.g. in heads, not
in setnet or wicd...
[cut]
> 
> ..I have the Knowledge, but still found myself Automagically Online 
> with heads-0.2's Default Passwords, Because I Forgot I still had the
> network wire plugged in on boot-up.  I'm just a human who errs. ;o)
> In my case, this endpoint security breach was no problem.
> But that same blunder could kill any needy heads user.
> 
It would be sufficient to deny ssh login with password, which I
believe is already the default in heads. Or to disable sshd by
default, which is unnecessary if the former holds. 
Or maybe I have completely misunderstood what is the "endpoint
security breach" you are referring to.
My2Cents
KatolaZ
-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
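
The check the reply above relies on (whether sshd actually denies password login), as an added example that is not part of the original thread and not heads' own code: it reads sshd_config text and lists the settings that would still accept a password. It assumes OpenSSH's first-value-wins parsing and counts keyboard-interactive only when UsePAM is on; the function names and the sample configs are constructed for illustration.

```python
# Added example: list the ways an sshd_config would still accept a password.
# Assumes OpenSSH semantics: keywords are case-insensitive, the first value
# given for a keyword wins, absent keywords take the built-in default.
# Include files are not followed (limitation of this sketch).

DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
# Older configs use the deprecated name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse(text):
    """Return (global settings, [(key, value)] found inside Match blocks)."""
    glob, matched, in_match = {}, [], False
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if key == "match":
            in_match = True               # everything below is conditional
        elif in_match:
            matched.append((key, value))
        else:
            glob.setdefault(key, value)   # first occurrence wins
    return glob, matched


def password_paths(text):
    """Names of settings that leave some form of password login enabled."""
    glob, matched = parse(text)
    eff = {**DEFAULTS, **glob}
    pam = eff["usepam"] != "no"

    # Anything other than an explicit "no" is treated as enabled (fail closed).
    def opens(key, value):
        if key == "passwordauthentication":
            return value != "no"
        return key == "kbdinteractiveauthentication" and pam and value != "no"

    paths = [k for k in DEFAULTS if k != "usepam" and opens(k, eff[k])]
    return paths + ["match:" + k for k, v in matched if opens(k, v)]


# Constructed sample configs, not taken from heads or any real image.
STOCK = "PubkeyAuthentication yes\nUsePAM yes\n"
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "UsePAM yes\nPasswordAuthentication yes  # ignored, first value wins\n")
EXCEPTION = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"
```

An empty result means no password path was found in the text given; a `match:` entry means a conditional block re-enables one for some clients.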