* Jim Mi: > Done.
Thanks. For future reference: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942162> > On Thu, Oct 10, 2019, 23:09 Salvatore Bonaccorso <[email protected]> wrote: > >> Hi Jim, >> >> On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote: >> > Hi all, >> > >> > I recently found glances <https://packages.debian.org/buster/glances> >> > package has added an XMLRPC API server that provides access for remote >> > users. Unfortunately it requires no authentication, and worse, it binds >> to >> > 0.0.0.0, meaning glances API is exposed to the whole network. >> > >> > I suggest that the packager adds a random password on install, and remind >> > the user to change it afterwards. >> >> Can you fill this as regular bug against the package (ideally with >> reportbug otherwise for alterntive >> https://www.debian.org/Bugs/Reporting)? >> >> Regards, >> Salvatore >>
