--- /dev/null
+Security considerations for grml
+================================
+
+1.) There is no automatic start of external accessible services in Live-CD
+ mode. (sshd is started by default on harddisk installations though.)
+
+2.) There are no default passwords. All accounts are locked by default.
+ Even local logins are not possible (unless you set a password or create
+ new user accounts as root).
+
+3.) Therefore, all local interactive processes are started by init without
+ authorization.
+ Programs that only work for root are usually started using sudo without
+ password. This has the advantage of making faults caused by defective
+ software very unlikely, but does not enhance local security, since it
+ is fairly easy to switch between the "grml" and "root" account. The
+ grml user should never be allowed for external logins (in the case
+ that sshd or similar servers are being launched).
+
+4.) You can create valid passwords using "sudo passwd [username]" from the
+ shell, individually.
+
+GRML squashfs file
+==================
+
+The GRML squashfs file has been moved from /GRML/GRML to
+/live/grml.squashfs due to the use of live-initramfs.