[debian-mysql] Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: Bug#793316: transition: mysql-5.6]
Robie Basak
robie.basak at ubuntu.com
Mon Jan 11 20:14:06 UTC 2016
On Mon, Jan 11, 2016 at 07:27:30PM +0100, Moritz Mühlenhoff wrote:
> *Sigh*. And that is exactly the problem (and we've already pointed this
> out at DebConf half a year ago)
>
> We should really go ahead and move forward, the freeze isn't terribly far away.
I don't think it's reasonable to use a security question raised by
MariaDB as an excuse to kick out MySQL. Because whether you do so or
not, your situation with getting information about CVEs in relation to
MariaDB will not change.
Let's treat the situation with each on their own merits and be
constructive about this.
If you have a problem with Oracle's disclosure of security
vulnerabilities then please frame that in terms of the MySQL packaging.
That *is* something that might be able to be addressed directly by
Oracle, and if it does get addressed then MariaDB's situation could
improve too, and Debian wins.
So please: the security team needs to engage directly with Oracle by
responding to Norvald's email and enumerating exactly what is wrong.
Otherwise nobody can reasonably claim about what Oracle is not doing in
relation to security, because the security team refuses to say what the
problem is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20160111/429120c4/attachment.sig>
More information about the pkg-mysql-maint
mailing list