severity 510875 important thanks Hi Ansgar,
On Mon, January 5, 2009 16:12, Ansgar Burchardt wrote: > Package: mysql-server-5.0 > Version: 5.0.32-7etch8 > Severity: grave > Tags: security > Justification: user security hole > This results in an empty root password by default. It is well known that MySQL installations have a default empty root password. This is clearly documented in the MySQL manual and described in about every MySQL tutorial or book you will find. Furthermore the MySQL server is not in the initial configuration accessible remotely. It is laudable that the Debian package tries to bring this to the attention of the user and allows them to set one, and I think the maintainers should give your request due consideration. However, because of the reason I cite, I do not think we should be treating this as a "grave user security hole". Thijs -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
