Given James' and Daviey's comments above, I think we should just let this be. Its more likely that sensitive information would live in the kickstart files (url=) which are not protected at all either.
Is there some appropriate way to document this and close it as such? -- You received this bug notification because you are a member of Ubuntu Server Team, which is a bug assignee. https://bugs.launchpad.net/bugs/858867 Title: XMLRPC allows unauthed users access to various methods (which it shouldn't) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858867/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
