On Thu 11 May 2017 at 21:54:57 -0500, Richard Owlett wrote:
> Working from purchased DVDs of Debian Stretch (8.6.0) I did a minimal
> install (MATE desktop + standard utilities) to a fresh partition.
> I then did
> apt-get install apache2
> apt-get install mariadb-server
>
> On completion of the later I was asked for a password for 'root' user. I
> supplied it and was able to login. As a check I attempted to login with an
> incorrect password and was blocked.
>
> I then followed the same procedure for Stretch using netinst
> {Debian stretch-DI-rc3 i386 1}
> I was never asked for the password.
>
> After a night's sleep, I'll read up on bug reporting.
> I've never filed a bug report, any assistance welcome.
> Later - yawn ;/
It's always a good idea to do some research before submitting a bug
report. That would include reading the Debian documentation. Searches
with "debian mariadb-server password" and "debian mariadb-server
password bug" throw up some interesting links. They could help you to
decide whether your experience is worth reporting, Don't forget that
packages can legitimately change their behaviour and confound the
expectations of users.
#800009 has
This issue is now fixed in 10.0.23-1 as the passwordless root
account authenticated via unix socket is only used on fresh
installs. Old installs will continue to use any root password
previously set.
--
Brian.
