Comment 3 for bug 347207

Revision history for this message
Emmet Hikory (persia) wrote :

I'm not sure which is correct: the current implementation of user-setup/allow-password-empty is very clean, and possibly useful. I don't think it's the right long-term solution for MID, and I agree with the point of view that it's probably unsafe to really have no password on an installed system, and better to use an automatic-login facility (as even a well-known default password is less likely to get hit by an automated scan than a blank password).

That said, it seems to me that it would make sense to be consistent across our tools, and if we did want to preserve user-setup/allow-password-empty, use it also in other places where we wish to have this sort of password (e.g. casper), although I believe it to be late enough in the Jaunty cycle this is unwarranted.