[arch-releng] [RFC] Enable headless installation

[Pierre Schmitz]

Am 26.10.2012 04:32, schrieb Gerardo Exequiel Pozzi:
> Implements FS#32064
> 
> Feedback is really welcomed :)

I think we should not implement this feature request. For headless
installations you should use a serial console or an equivalent setup.
Starting up sshd and hoping for the best is too fragile to actually
really support this scenario.

But the biggest concern is security here. We open up a password-less
root access here without telling the user or giving him any control over
it. This might not be a big deal on your local lan, but it is a big
issue if you are on e.g. an university network, a conference or even
worse: you want to setup a new server which is directly connected to the
net. Knowing that bots are constantly scanning for open or weak ssh
servers this risk is not that esoteric.

To sum things up: Our iso should try to be least intrusive as possible.
Do not alter any settings on the host system and do not listen on any
port.

Greetings,

Pierre

-- 
Pierre Schmitz, https://pierre-schmitz.com