[debian-mysql] MariaDB and MySQL security releases
Stewart Smith
stewart at flamingspork.com
Sat Mar 15 00:41:11 UTC 2014
Otto Kekäläinen <otto at seravo.fi> writes:
> 2014-03-14 0:39 GMT+02:00 Stewart Smith <stewart at flamingspork.com>:
>> You cannot generally take the security patches by hand unless Maria is
>> going through all the code changes in Oracle releases and finding out
>> which ones exactly are the security issues. Maybe they are... maybe they
>> aren't.. maybe this will change for MariaDB 10.0, but at least
>> historically for MariaDB 5.5 I haven't seen them doing that.
>
>
> You're right. I can feasibly only hand pick security fixes that are in
> the MariaDB bzr log individual commits and described as security
> fixes. Not all will be like that. So point release updates to stable
> distro releases (as MySQL does) is definitely best and only approach
> to maintaining these packages.
It's also the only realistic approach to ensuring quality - you don't
want to have to replicate all the QA work that MySQL, MariaDB and
Percona Server do for each release for each small security fix patch.
--
Stewart Smith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20140315/9ead6d6e/attachment.sig>
More information about the pkg-mysql-maint
mailing list