Re: RFC: common database policy/infrastracture
On Thu, 16 Dec 2004 08:27:20 +0100 (CET), Andreas Tille <firstname.lastname@example.org> wrote:
> On Wed, 15 Dec 2004, sean finney wrote:
> Yes, but I do not want to store the password *anywhere* - it could even
> be removed from debconf database because it makes no sense to store it
> in case the local maintainer changes the database password the value
> is absolutely useless in any config file or debconf database. Moreover
> it is even a security risk to store a password in an additional place.
If it's only readable by root, how much of a risk is it really?