[debian-mysql] MariaDB and MySQL security releases

[Stewart Smith]

Otto Kekäläinen <otto at seravo.fi> writes:
> I am still reasearching if MariaDB promises the same 8 year support
> cycle as MySQL, but otherwise all the points listed at
> https://lists.ubuntu.com/archives/technical-board/2014-February/001812.html
> apply for MariaDB as well.

Also MariaDB is going to have latency for fixes introduced in a new
Oracle release. It's the same for Percona Server too, but seeing as the
delta is less, there can be a smaller delay.

Last time I looked for a MariaDB support period it was kind of
unofficially "everything forever", which obviously isn't the case and
won't be the case....

> I or James should probalby file a MRE for Ubuntu
> (https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions)
>
> Is there something similar in Debian? Didn't find by googling quickly.
> Manually taking the security patches from MariaDB bzr and releasing
> our own custom security updates for Debian would be quite a lot of
> work, so I hope that after Debian stable (or new version of Ubuntu)
> gets released I will be able to push the point releases into stable
> via -updates or -security.

You cannot generally take the security patches by hand unless Maria is
going through all the code changes in Oracle releases and finding out
which ones exactly are the security issues. Maybe they are... maybe they
aren't.. maybe this will change for MariaDB 10.0, but at least
historically for MariaDB 5.5 I haven't seen them doing that.

-- 
Stewart Smith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20140314/fae41f26/attachment-0001.sig>