TYPO3 Core

Also if you say, that the file will be deleted after an hour and so there won't be a big securitys whole, if it was present just from the beginning, the problem remains that the file may not be older than one hour when accessing the install tool.
How do you think this modification time should be saved in the package?

Besides that the message appearing on the screen, when you access the locked install tool is rather clear I think.

Make a modification: Add a file ENABLE_INSTALL_TOOL.001 which will automatically be copied to ENABLE_INSTALL_TOOL with a most current date. If the user does not delete the ENABLE_INSTALL_TOOL.001, then he can always log in.

The appearing message is clear only to the very few English native speakers and the few TYPO3 experts, but never to the big number of normal TYPO3 users.

If I understand you correctly, you want to have a usability improvement when setting up a new TYPO3 installation. You want the Install Tool always to be activated by default, without the user having to do anything.

That way every new TYPO3 installation is basically open to attackers. With an Install Tool auto enabled by default an attacker will have full control over the installation. Considering that it might be an absolute beginner who configured the system (that are the people you are thinking of), maybe there even is access to the whole database and more...
Since TYPO3 stores all its files under the webroot, this will work for an attacker really easy: Just scan for such an ENABLE_INSTALL_TOOL.001 file in typo3conf/ and you know where to take over a site.
Taking all this into account I consider this a great security risk and am strongly against such a feature.

Now you could say: OK, let's place this file there, when the user who just installed the system presses a button.
But where is then the usability improvement?
You already can put that file there easily by creating it via shell (which you should know, when you just installed TYPO3 using it) or via FTP (which really is no big extra effort after waiting for tenthousands of files to upload).
Adding just another way of doing one and the same thing won't make life easier, but will instead make things even more complicated.

So the usability improvement will be only marginal while the danger arising from such a behaviour is not to be underestimated.

At least after #22503 the Install Tool message in my eyes contains a clear instruction on how to solve the problem. It indeed is sad that this message is not localizable. To change that and have it localized when the user first accesses the Install Tool it won't be enough to use locallang files, because the translations would not yet have been fetched after copying the Core files.
However, this is really offtopic here. Please open a new issue, if you want to improve that!

A reasonable logic for this problem is to be introduced with #22876.