Done.

On Thu, Oct 10, 2019, 23:09 Salvatore Bonaccorso <car...@debian.org> wrote:

> Hi Jim,
>
> On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote:
> > Hi all,
> >
> > I recently found glances <https://packages.debian.org/buster/glances>
> > package has added an XMLRPC API server that provides access for remote
> > users. Unfortunately it requires no authentication, and worse, it binds
> to
> > 0.0.0.0, meaning glances API is exposed to the whole network.
> >
> > I suggest that the packager adds a random password on install, and remind
> > the user to change it afterwards.
>
> Can you fill this as regular bug against the package (ideally with
> reportbug otherwise for alterntive
> https://www.debian.org/Bugs/Reporting)?
>
> Regards,
> Salvatore
>

Reply via email to