mysql-5.7 (5.7.20-2) unstable; urgency=medium Further to the change described in the previous NEWS entry, we now no longer prompt for the root password by default; the debconf priority for this question has been lowered to "medium". Rationale: in the "localhost" case, setting a root password is no longer appropriate security practice. Unix socket authentication should be used instead, and this operates automatically and by default when the root password is not set. Users who require remote access to the MySQL server can still set a root password by requesting lower priority debconf prompts. -- Robie Basak Fri, 12 Jan 2018 11:45:00 +0100 mysql-5.7 (5.7.13-1~exp1) experimental; urgency=medium Password behaviour when the MySQL root password is empty has changed. Packaging now enables socket authentication when the MySQL root password is empty. This means that a non-root user can't log in as the MySQL root user with an empty password. The new logic is as follows: - The auth_socket plugin will be installed automatically only if it is to be activated for the root user. - The auth_socket plugin will be activated for the root user: + If you had a database before with an empty root password. + If you create a new database with an empty root password. - The auth_socket plugin will NOT be activated for the root user: + If you had a database before with a root password set. + If you create a new database with a root password set. - The auth_socket plugin will NOT be activated for any other user. - If you do not want the new behaviour, set the MySQL root password to be non-empty. The MySQL server now uses strict mode by default. See http://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-strict for details. See http://dev.mysql.com/doc/refman/5.6/en/sql-mode.html#sql-mode-setting for details about the default settings in older versions. -- Robie Basak Fri, 15 Jul 2016 03:15:14 +0200