[debian-mysql] Bug#418672: 5.0.32-7etch1 has this bug
Russell Coker
russell at coker.com.au
Wed Apr 25 23:07:23 UTC 2007
On Thursday 26 April 2007 02:31, sean finney <seanius at debian.org> wrote:
> > Empty passwords by default might be OK for a source based install of
> > MySQL, but they are not OK for a Debian install. Debian packages should
> > be expected to be secure by default!
>
> i think it's fairly common knowledge that this is to be expected when
> installing mysql, as you will find this to be the case for every other
> distribution of unix/linux that includes mysql.

If it was common knowledge then surely I would have known it years ago!

The big advantage of MySQL over all other options is the low level of skill
needed to administer it. Oracle requires a dedicated DBA with a six figure
salary. PostgreSQL requires a good sys-admin who has experience and knows
SQL. MySQL generally works for anyone who wants to turn it on.

> however, in principle i agree with you--hence we went out of our way to
> do the password prompt stuff in the first place. perhaps we should
> consider raising the priority of the question (currently i believe it's
> medium, which is why you didn't see it maybe?).

I believe that if there is an option to run a system with no administrative
password then the question about it should be at the highest priority, or the
password should be set to a random value (from /dev/random) by default.