As far as I can tell, this has been fixed since Gutsy.
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
htt
As far as I can tell, this has been fixed since Gutsy.
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Status: Triaged => Fix Released
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: mysql-dfsg-5.0 (Ubuntu Gutsy)
Status: Triaged => Won't Fix
--
Root password policy for mysql
https://bugs
Ugh, while upgrading Intrepid today Debconf blocked the upgrade 3 times
asking me to set the root password.
Given that mysql is only installed for a DigiKam backend (I think),
there's no reason why I would give a damn the first time around, much
less the second or third.
--
Root password policy
I was surprised to see the root password dialog. Even when using apt-get
install with the "-y" option. The apt-get man page tells me that, besides
answering 'yes' to all questions, the setup runs non-interactively.
It also doesn't tell anything about debconf priorities or how to prevent
questio
** Changed in: mysql-dfsg-5.0 (Ubuntu Gutsy)
Importance: High => Wishlist
Status: Confirmed => Triaged
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu
I was surprised that the password at the installation is only set once.
As the letters of the new password are (correctly) hidden a typo of
users like me might be possible. ;)
Possible Solution: Confirm the new password in a second input field
(like at the Ubuntu installation).
See the attached s
Dropping importance to whishlist, as the default install will prompt for
a root password.
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Importance: High => Wishlist
Status: Confirmed => Triaged
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug noti
** Changed in: mysql-dfsg-5.0 (Ubuntu Dapper)
Status: In Progress => Fix Released
** Changed in: mysql-dfsg-5.0 (Ubuntu Edgy)
Status: In Progress => Fix Released
** Changed in: mysql-dfsg-5.0 (Ubuntu Feisty)
Status: In Progress => Fix Released
--
Root password policy for my
I am preparing patches for Dapper -> Feisty based on Soren Hansen's
previous work. These patches are going to be part of a larger security
upload. The real issue is that the root password prompt priority is
medium, which is not normally seen in Ubuntu, therefore it is assumed
there are *many* mys
** Changed in: mysql-dfsg-5.0 (Ubuntu Dapper)
Assignee: (unassigned) => Jamie Strandboge (jamie-strandboge)
** Changed in: mysql-dfsg-5.0 (Ubuntu Edgy)
Assignee: (unassigned) => Jamie Strandboge (jamie-strandboge)
** Changed in: mysql-dfsg-5.0 (Ubuntu Feisty)
Assignee: (unassigned)
Dropped from the RC milestone; the current behavior does prompt for a
mysql root password at high priority on install, so the security issue
is resolved.
It is still a bug that the package has to prompt the user for a password
for a functional, secure-by-default installation, but this can be
defer
Hi,
Jamie Strandboge [2007-10-02 2:17 -]:
> Wouldn't it be better to prompt for the password until we figure
> out/have the time to implement the best way to not prompt safely?
Full ack.
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notifica
The security team is getting bugs on this issue, and IMO it is not a
good idea to setup a passwordless mysql root account. I understand
about making things easy for the end user, but I don't see how this is
much different than setting up a password for a login user. I think
more people would be u
moving the milestone
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Target: ubuntu-7.10-beta => ubuntu-7.10-rc
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
moving to beta, soren is away for tribe 5
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Target: tribe-5 => ubuntu-7.10-beta
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contac
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Target: tribe-4 => tribe-5
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
Just to record it: Our resident Debian maintainer person said he'd try
to squeeze it into his otherwise busy schedule. I'll check up on it in a
while and figure out how to handle this if he's too busy.
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug
On Mon, Jul 16, 2007 at 11:09:28AM -, Caspar Clemens Mierau wrote:
> Well actually this is a huge step back on the timetable, isn't it? I
> guess a patch for this feature will take some months for development and
> security/stabilty testing. So that's the reason I hoped for skip-priv-
> like so
Well actually this is a huge step back on the timetable, isn't it? I
guess a patch for this feature will take some months for development and
security/stabilty testing. So that's the reason I hoped for skip-priv-
like solution fast to implement.
--
Root password policy for mysql
https://bugs.laun
After discussion with MySQL:
http://bugs.mysql.com/bug.php?id=29287
And with Debian, here's the result so far:
We don't like having cleartext passwords in files (regardless of the
permissions of said file).
We want to be able to reset passwords etc. without a password if we're the user
running
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Target: tribe-3 => tribe-4
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
Needs more time to discuss with upstream and Debian, moving to tribe-3
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Target: tribe-2 => tribe-3
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, whi
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Assignee: Ubuntu Server Team => Soren Hansen
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs maili
On Mon, Jun 11, 2007 at 12:45:42PM -, Soren Hansen wrote:
> However, after talking to Martin Pitt, we've decided to try to actually
> *fix* things rather than patch them. I'll be filling a bug against the
> debian package by the end of this week (or if someone else has the time,
> feel free to
Ok, I now have a working version which:
* Lower the priority of the debconf prompt for the root password to medium,
to avoid asking for it during installation.
* Add resetpasswd option to init script.
* Set random root password on installation if no password given.
* Warn about random p
Caspar Clemens Mierau wrote:
> I guess /etc/defaults is also a good place for a variable to source.
Right:
# MySQL root password is empty. Enable MySQL service and set root's
# password with 'mysqladmin -u root password [your new password]'.
#
# If root's password isn left empty, all local users
I guess /etc/defaults is also a good place for a variable to source.
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@
Soren Hansen wrote:
> Alright then. I've added a "resetpasswd" option to /etc/init.d/mysql
> which asks for a new password (using whiptail) and sets it accordingly.
Well, we have postfix which asks questions on installation, so adding
questions to mysql shouldn't be a big problem.
But, we shoul
Alright then. I've added a "resetpasswd" option to /etc/init.d/mysql
which asks for a new password (using whiptail) and sets it accordingly.
That's the technical bit. I'm still not convinced about the proper
course of action with regard to the prompt during installation. The
easiest is of course t
Caspar Clemens Mierau wrote:
> Can name this? That would be the perfect solution as we only need to
> call this.
Check out Mathias's comments.
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, whi
> Yes, mysql. People are unaware of this, but there is another root user
> in mysql wich has random password. Check /etc/mysql/debian.cnf.
Actually I thought debian-sys-maintainer is only able to ping the server
but it seems I am wrong. At least under debian I see the user "Y" in all
priv fields i
Caspar Clemens Mierau wrote:
> 1. Are there any other applications where random passwords are set (that
> you need)?
Yes, mysql. People are unaware of this, but there is another root user
in mysql wich has random password. Check /etc/mysql/debian.cnf.
> 2. MySQL by default does not listen on a
I don't think setting a random password is a good idea.
1. Are there any other applications where random passwords are set (that
you need)?
2. MySQL by default does not listen on a (remote) network interface.
3. I cannot name one distribution that sets a random password to mysql,
this would lead
On Thu, Jun 07, 2007 at 01:06:24PM -, Soren Hansen wrote:
> On Thu, Jun 07, 2007 at 11:32:14AM -, Caspar Clemens Mierau wrote:
> > Actually you can do the sudo thing without hacking mysql or touching
> > mysql code. A rather simple init/shell-script (re)starting mysqld with
> > skip privile
On Thu, Jun 07, 2007 at 11:32:14AM -, Caspar Clemens Mierau wrote:
> Actually you can do the sudo thing without hacking mysql or touching
> mysql code. A rather simple init/shell-script (re)starting mysqld with
> skip privileges lets you overwrite existing root passwords, that is also
> the way
Actually you can do the sudo thing without hacking mysql or touching
mysql code. A rather simple init/shell-script (re)starting mysqld with
skip privileges lets you overwrite existing root passwords, that is also
the way mysql suggests.
So a /etc/init.d/mysql setpass could interactively ask you wh
** Changed in: mysql-dfsg-5.0 (Ubuntu)
Importance: Undecided => High
Assignee: (unassigned) => Ubuntu Server Team
Status: Unconfirmed => Confirmed
Target: None => tribe-2
--
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notificat
38 matches
Mail list logo
