It is now. There's going to be a whole lot of people who are going to set a root password because they read an article online recommending it, then install the update that fixes this issue. Now they're stuck with a root password when they could have not had one at all.

If they're setting passwords just to prevent a bug, then yes it's a hack.

The same actions can be a hack or not, depending on what they're accomplishing.

Having a root account is a password isn't a hack, it's making one as a workaround for this bug that is.

Uhg, ok I forgot some people don't know the code. The old adage is "On your first day as the new sysadmin, change all the root passwords". The idea is that a SECURE root is good, possibly better than no root (which is sort of a hack in itself). There are best practices for root passwords. Things like length, composition (no dict words), disabled for remote access, and care in who is allowed to have it.

Simply pretending root does not exist is a rather new idea and is not best practice. It's only for convenience.

I assume he means that you should always set a password for "root". Though most users don't even knows it exists.. hence it should have been taken care of by apple.

I really can't respond to you unless you explain your reasoning…

In a week they will be less secure, because they will forget to remove their root account and Apple will have push out a fix.