Hi. Jeremy Lainé ([EMAIL PROTECTED]) wrote: > > A better solution would be detecting whether a password is needed > > (i.e. the debian-sys-maint or whatever the account is called is not > > available) and if so, prompt the user via debconf at purge.
> Trying to be guess whether a password is needed seems rather risky as > the database could very well be on a different server, don't you think? > I also noticed that in horde2, the config script tries to retrieve the > local admin password using mysql-localadmpass.get, but it does not check > at all if we are indeed installing the database on the local server.. Well, first of all, data removal at purging is inherently a "best effort" type enterprise because you aren't guaranteed to have your dependencies installed. You should of course not send local passwords to remote servers, but if the database is on a local server and a password is readily available, one might as well use that. Also, it might be questionable to remove data on a different machine at all while purging, but that's another discussion. Probably a proper solution will require some careful thought which is - in combination with the perfect reusability - why I'd like to see this in a common package. > As for prompting at purge, isn't that a big no-no? Last time we had this discussion (RFS phpgroupware in december, notably Jamin Collins had a lot of helpful advice), the conclusion was that prompting (via debconf) is OK and preferable to storing the password. Kind regards Thomas
