Hello,
While I appreciate the feedback and encourage open discussion about anything, this included, I must say I disagree and I'll explain why:
The message, IMHO, does explain what the file is, it says "This answers file can be used to silently-install re-install this machine or deploy other hosts in your cluster." If you feel that is not clear enough, I am certainly willing to hear suggestions for a better phrasing.
In regards to the permissions, the person installing does not need to secure anything, the file is already permissioned with 600 root.root and so, unless you are root, you cannot read it. If you are root, you don't need it. You can launch your MySQL daemon using:
# mysqld_safe --skip-grant-tablesAnd MySQL will be let you login and be the super user without prompting for a passwd.
Also, and this is true to any system that uses a DB, Kaltura, Wordpress, Drupal, whatever, the DB user and passwd must be kept in a file that is accessible to the system, meaning the apache user [or any other web server you use] MUST have at least read permissions to the file and in some cases, even write permissions to facilitate editing it from the web I/F, something I personally find to be bad practice but security is often scarified in the name of convenience.
You can use keys for DB login instead of passwords, of course but in that case, again, the key MUST be in a file readable to the webserver user or whatever user runs the code.
And so, there is no way around keeping passwds in files, the important part is to grant permissions very sporadically and only to those who really need them, which is what we do.
Note also that the Kaltura installation only uses the root passwd in order to create a 'kaltura' DB user which ONLY has admin privileges on Kaltura related DBs.
Hope this helps clarify things,