On Mon, May 18, 2009 at 05:49:50PM +0200, Olivier Berger wrote: > > Mantis shouldn't install with an administrator account with a predictible > password as currently done. > > Such a password should be random and saved somewhere for root users to > retrieve. >
Here's a proposed patch (for 1.1.6 stable/testing, but should apply similarly to unstable), reusing bits of what was available earlier in mantis when dbconfig-common wasn't used. http://git.debian.org/?p=users/olberger-guest/mantis.git;a=commit;h=9e31f3c8cbdbf3166d38e173a5f026ff1b6cf01a There may be a way to use dbconfig-common templates in the DB creation for initial installs maybe, but couldn't find an easy way. In any case, this is needed for upgrades for sites where the admin wouldn't have changed the root password, I suppose. Maybe, in case of upgrades, there should also be a notice to the user, then... Hope this helps. Review/comments much welcome. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
