Subject: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
To: None <tron@NetBSD.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org,>
From: Joerg Sonnenberger <joerg@britannica.bec.de>
List: pkgsrc-bugs
Date: 11/27/2006 18:15:05
The following reply was made to PR pkg/35141; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: Matthias Scheler <tron@NetBSD.org>
Cc: NetBSD GNATS <gnats-bugs@NetBSD.org>
Subject: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Date: Mon, 27 Nov 2006 19:13:19 +0100

 On Mon, Nov 27, 2006 at 05:53:30PM +0000, Matthias Scheler wrote:
 > On Mon, Nov 27, 2006 at 05:50:03PM +0000, Joerg Sonnenberger wrote:
 > >  In fact, looking at the content a bit more, I see *no* reason for
 > >  non-default permissions here.
 > 
 > The configuration usually contains the admin password for the MySQL server.
 > So it should be only readable by the webserver user.
 
 There are at least two different configurations for phpmyadmin: with
 default authentication and without. This applies only to the former
 (which IMO should be discouraged as default). Independent of that, it
 applies only to the mod_php, as e.g. fastcgi allows running PHP as any
 user and the webserver should not have access permissions on the file
 for that case.
 
 Shall I file a separate PR for this? :-)
 
 Joerg