[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Default admin password for a webapp

Ben Finney <bignose+hates-spam@benfinney.id.au> writes:

> Xavier Luthi <xavier@caroxav.be> writes:
> 
> > In the case of the webapp packaged for Debian, the installation
> > time is not always the same as the configuration time, so it is
> > not an option to use the upstream method to set the password: this
> > would be a big security hole. That's why the Debian package of a
> > webapp often needs to diverge from the upstream source in the way
> > the application is configured.
> 
> Such divergence is to be avoided where possible. [...]

This (and the rest of the paragraph) is phrased poorly, with a
corollary left unimplied. Better is:

Such divergence, though sometimes necessary, should be resolved as
soon as possible by working with the upstream developers to merge
Debian's improvements into a future upstream release.

-- 
 \            “Simplicity is prerequisite for reliability.” —Edsger W. |
  `\                                                          Dijkstra |
_o__)                                                                  |
Ben Finney
Reply to: