severity 510875 important tags 510875 - security Hi, * Ansgar Burchardt <ans...@2008.43-1.org> [2009-01-05 16:42]: > The question asking for the administrative password has a priority of > `medium'. Debconf's default is to ask only questions of at least > priority `high' since 1.4.61 (and d-i apparently sets this value by > default even longer). > > This results in an empty root password by default. Every user which > can connect from `localhost' has then full administrative privileges. > The only thing he has to do is run `mysql -u root'.
Downgrading this bug, it is by no means a grave bug. I also remove the security tag as this is what README.Debian says: * WHAT TO DO AFTER INSTALLATION: ================================ The MySQL manual describes certain steps to do at this stage in a separate chapter. They are not necessary as the Debian packages does them automatically. The only thing that is left over for the admin is - setting the *passwords* !!! ^^^^^^^^^^^^^^^^^^^^^^^ - creating new users and databases - read the rest of this text I'd personally mark this as wishlist but that's up to the maintainer. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpQSoscK9bpk.pgp
Description: PGP signature
