Mitigation for issue2551246 -u opton to roundup-admin The -u option ignores the password and doesn't limit access to the data. Not a huge issue as currently anybody running it must have read access to the tracker home and all the credentials. So they can change the data directly using a db client or read anything they want. But this wasn't documented. Now it is.