[DRE-maint] Bug#964759: redmine: insecure account with well-known password

Soren Stoutner soren at debian.org
Fri Mar 28 16:54:24 GMT 2025


Andrius,

On Friday, March 28, 2025 3:20:06 AM Mountain Standard Time Andrius 
Merkys wrote:
> > Alternately, it looks like it should be possible to change the default admin
> > password via the command line before any instance is ever exposed via a manual
> > apache configuration.
> > 
> > https://stackoverflow.com/questions/30655292/is-there-a-rake-command-to-reset-a-redmine-admin-password
> Nice! I overlooked this. It would have been much nicer doing this in
> a postinst than my patchwork.
> 
> > I have not yet tested any of these commands, but if it is a concern that the
> > default instance initially exposes a default password, perhaps we should add a
> > list of commands to README.Debian a user can run to change the password before
> > setting Apache to serve up the Redmine instance.
> 
> Yes, this would be nice to have.

Do you have time to test these commands to see if they work with 
Redmine 6.0.4 we are currently shipping, and to test if they work with 
multi-tenancy?

If so, we can update README.Debian:

https://salsa.debian.org/ruby-team/redmine/-/blob/master/debian/README.Debian?ref_type=heads#L9-10

-- 
Soren Stoutner
soren at debian.org