[debian-mysql] Offering mysql-5.5 as an option in squeeze-lts
Clint Byrum
spamaps at debian.org
Fri Oct 2 19:02:17 UTC 2015
Excerpts from Raphael Hertzog's message of 2015-09-29 03:06:27 -0700:
> Hello,
>
> currently we are shipping mysql-5.1 which is no longer supported upstream
> and which might have multiple unfixed vulnerabilities (Oracle doesn't
> disclose enough details to either verify it or fix them).
>
> We should really offer squeeze users to switch to a supported version
> of mysql and that would be version 5.5.
>
> Who would like to drive this forward?
>
> As a first step, I would suggest that we backport 5.5.44-0+deb7u1
> for squeeze and we drop the unversioned packages: libmysqld-pic,
> libmysqld-dev, libmysqlclient-dev, mysql-common, mysql-server,
> mysql-client.
>
> The goal is to not rebuild applications, they would continue
> to use the old libmysqlclient16 but would connect to the 5.5
> server.
>
> For mysql-common, it might be necessary to build it from mysql-5.5
> but we should ensure it also works with mysql-5.1...
>
> And then we perform some test upgrades, and some application tests, and
> try to smooth the rough edges. When we're happy we send out a DLA
> indicating that mysql-5.1 is EOL but that they can switch to mysql-5.5
> if they desire (although it requires a manual upgrade).
>
> What do you think ?
I think it's a great idea, but I feel like it's a ton of work that is
already possible by users simply switching to upstream's packages. I feel
like when Oracle refused to provide us with discernible security patches,
they also took responsibility for the users away from us in many ways.
We're doing what we can for stable, but in the lts context, it seems
like a really big job. Perhaps if Oracle were willing to commit some
time to it?
More information about the pkg-mysql-maint
mailing list