Done. On Thu, Oct 10, 2019, 23:09 Salvatore Bonaccorso <[email protected]> wrote:
> Hi Jim, > > On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote: > > Hi all, > > > > I recently found glances <https://packages.debian.org/buster/glances> > > package has added an XMLRPC API server that provides access for remote > > users. Unfortunately it requires no authentication, and worse, it binds > to > > 0.0.0.0, meaning glances API is exposed to the whole network. > > > > I suggest that the packager adds a random password on install, and remind > > the user to change it afterwards. > > Can you fill this as regular bug against the package (ideally with > reportbug otherwise for alterntive > https://www.debian.org/Bugs/Reporting)? > > Regards, > Salvatore >
