[debian-mysql] [Summary] Request for release team decision on MySQL and MariaDB

Holger Levsen holger at layer-acht.org
Tue Jan 26 10:45:32 UTC 2016


Hi,

On Tuesday, 26 January 2016, Clint Byrum wrote:
> However, I have confidence that our friends in the MySQL engineering
> team can frame the loss of the last foothold for MySQL in Linux distros
> as a direct path toward _less_ money for Oracle.

why do you think so? I mean, doesn't less MySQL mean more OracleDB, thus 
*more* money for Oracle? ;)

(I'm not saying that's the case either, I was merely explaining why I'm 
surprised about your confidence.)

> So if we can just be
> patient with them, and actually facilitate their participation in this
> grand community of Debian, it's possible that a compromise can be found.

Oracle bought Sun in 2010, so personally I don't see how we should be more 
patient, especially because… the following ain't anything new nor special…
 
> Meanwhile, I'd like to challenge someone to point to the exact requirement
> from any official source affiliated with Debian as to what constitutes
> an acceptable level of disclosure for a package to remain in the archive.

sigh.

go to https://security-tracker.debian.org/tracker/source-package/mysql-5.5 and 
count occurrences of the string "Unspecified vulnerability", if you do this 
with iceweasel it will not even tell you the exact number of matches, just 
"over 100".

Now go to https://security-tracker.debian.org/tracker/source-package/mysql-5.6 
and do the same. The count is at 66 here, but the counter only started in 2015.

So, once again: the exact requirement to be considered is: publish specific 
information about specific vulnerabilities. Provide meaningful patches for 
each specific issue.

Don't release updates with 23 or 42 fixes bundled together with basically no 
explanations whatsoever.

And/but this is nothing new and it's very very tiring having to explain this, 
again and again and still in 2016. It's not like we haven't discussed this in 
2014, 2013, 2012 and probably also 2011 and 2010.


cheers,
	Holger