On Wednesday 25 April 2007 16:36, sean finney <[EMAIL PROTECTED]> wrote: > On Wed, 2007-04-25 at 13:22 +1100, Russell Coker wrote: > > I just did a fresh install of mysql-server-5.0 on an AMD64 system which > > had never been used to run any version of MySQL before. It has root > > accounts with no passwords. > > i believe the bug in question was about an existing installation with a > password being upgraded in such a way that root could log in afterwards > without a password.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418955 My above bug report was closed as a duplicate of this. > empty passwords are actually the *default* with mysql databases, though > in debian we've value-added some debconf-based password setting. still, > if you don't see the questions or othewrise decline these questions the > default remains. Empty passwords by default might be OK for a source based install of MySQL, but they are not OK for a Debian install. Debian packages should be expected to be secure by default! The fact that I was asked no questions on several installs of MySQL in both Etch and Unstable is a bug in the MySQL packages. Should I continue the issue here or re-open my other bug report? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
