Otto Kekäläinen <o...@debian.org> writes: > On a quick look the solution suggested by Kristian looks OK. I will > eventually do something to implement and test it, but if somebody has > time to do it right now and send me a git merge request (or Github > pull request) then things would progress much faster.
http://lists.askmonty.org/pipermail/commits/2017-January/010425.html This adds mysql_install_db --auth-root-socket option that mariadb-10.1-server.postinst can use instead of patching mysql_system_tables_data.sql and breaking mysql_install_db for others. I will try to get Monty to review this today so I can push it upstream. With this patch, you should be able to remove debian/patches/mdev-8375-passwordless-root-via-socket-auth.patch and just use the --auth-root-socket option on mysql_install_db instead. > The purpose of this change is to get everybody to impove their > security and move to using new passwordless practices. Are we now sure > there is no way to change mysql-ruby2 to utilize socket auth, or > create a test user that has no plugin defined, or something else? With the above patch, applications can use eg. mysql_install_db --auth-root-socket=$USER to install a private instance with socket-based root access by non-privileged user. However, note that the new socket authentication for the root user is not necessary to securely setup a private server instance. For example, using --skip-networking and making the server socket accessible only by the running user; that should be the same, security wise. - Kristian. _______________________________________________ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team