maria-developers team mailing list archive

Thread
Date

Re: [Commits] 2ef562d: MDEV-9080 - Debian: incorrect empty password check in postinst

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Thu, 5 Nov 2015 15:40:02 +0100
In-reply-to: <20151104163729.4AC342C45AD@mail.askmonty.org>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi, Sergey!

ok to push

On Nov 04, Sergey Vojtovich wrote:
> revision-id: 2ef562d2c74297b0b92c4322697dad98767cc873 (mariadb-10.1.8-24-g2ef562d)
> parent(s): 01bd3737777f8f0cf2e1737d01a48033a7615b2a
> committer: Sergey Vojtovich
> timestamp: 2015-11-04 20:37:16 +0400
> message:
> 
> MDEV-9080 - Debian: incorrect empty password check in postinst
> 
> There was code that was supposed to "catch upgrades from previous versions where
> the root password wasn't set". But it is wrong in many regards:
> - it is supposed to be executed against running server, but at this point server
>   should be down, which makes this code no-op
> - if the above is fixed, root password will be requested twice (initial root
>   password request + this one)
> - it asks for a password only once, while "initial root password request" asks
>   twice (password + password verification)
> - it may give false positive if unix socket based authentication is in effect
> 
> Removed this code since it didn't work for quite a while (at least since
> mysql-5.1) and nobody cared about it.

Regards,
Sergei