Comment 12 for bug 296841

Part of the reason there's been a problem here is that the root user is initially set up by base-passwd as follows:

  root::0:0:root:/root:/bin/bash

I don't think the blank password is defensible in this day and age, and will change this. I wouldn't like to backport this to Intrepid immediately, though - I think it could bear a bit of shaking out just in case there are unexpected consequences.