[debian-mysql] Bug#418672: 5.0.32-7etch1 has this bug
Russell Coker
russell at coker.com.au
Wed Apr 25 08:40:08 UTC 2007
On Wednesday 25 April 2007 16:36, sean finney <seanius at debian.org> wrote:
> On Wed, 2007-04-25 at 13:22 +1100, Russell Coker wrote:
> > I just did a fresh install of mysql-server-5.0 on an AMD64 system which
> > had never been used to run any version of MySQL before. It has root
> > accounts with no passwords.
>
> i believe the bug in question was about an existing installation with a
> password being upgraded in such a way that root could log in afterwards
> without a password.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418955
My above bug report was closed as a duplicate of this.
> empty passwords are actually the *default* with mysql databases, though
> in debian we've value-added some debconf-based password setting. still,
> if you don't see the questions or othewrise decline these questions the
> default remains.
Empty passwords by default might be OK for a source based install of MySQL,
but they are not OK for a Debian install. Debian packages should be expected
to be secure by default!
The fact that I was asked no questions on several installs of MySQL in both
Etch and Unstable is a bug in the MySQL packages. Should I continue the
issue here or re-open my other bug report?
More information about the pkg-mysql-maint
mailing list