[debian-mysql] Bug#855098: mysql_secure_installation

[rugk]

Hi,
actually I also had problems with your decicion not to use 
debian-sys-maint anymore and I would suspect other users, who are used 
to mysql, might have too. Because after a fresh install of 
mariadb-server I did the same steps, which were also recommend for 
mysql: I ran mysql_secure_installation.
This works as expected and the user is assured that the instance is now 
save. However the first thing it does is change the root password, so 
actually this breaks your authentication.

The user knows how he/she did it with mysql, does the same steps with 
mariadb and breaks the whole thing. Usually the user only notices this 
first when trying to stop the mysql service, at which point he/she has 
no clue what is wrong here.
This might affect all users who are security-aware and run 
mysql_secure_installation without knowing the changes done in mariadb.

So please adjust mysql_secure_installation. Maybe remove the password 
change request or make it write the new credentials to 
/etc/mysql/debian.cnf or at least add an explanation there, that 
changing the root password is not recommend and may break everything.

Debian Stretch here.

BTW: The README is really bad to find…

Best regards,
rugk

-- 
I offer PGP support. To send me a PGP-encrypted mail, please ask for my 
private mail address.