On Thu 11 May 2017 at 21:54:57 -0500, Richard Owlett wrote:
Working from purchased DVDs of Debian Stretch (8.6.0) I did a minimal
install (MATE desktop + standard utilities) to a fresh partition.
I then did
apt-get install apache2
apt-get install mariadb-server
On completion of the later I was asked for a password for 'root' user. I
supplied it and was able to login. As a check I attempted to login with
an incorrect password and was blocked.
I then followed the same procedure for Stretch using netinst
{Debian stretch-DI-rc3 i386 1}
I was never asked for the password.
After a night's sleep, I'll read up on bug reporting.
I've never filed a bug report, any assistance welcome.
Later - yawn ;/
It's always a good idea to do some research before submitting a bug
report. That would include reading the Debian documentation. Searches
with "debian mariadb-server password" and "debian mariadb-server
password bug" throw up some interesting links. They could help you to
decide whether your experience is worth reporting, Don't forget that
packages can legitimately change their behaviour and confound the
expectations of users.
#800009 has
This issue is now fixed in 10.0.23-1 as the passwordless root
account authenticated via unix socket is only used on fresh
installs. Old installs will continue to use any root password
previously set.