[debian-mysql] Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: Bug#793316: transition: mysql-5.6]
Robie Basak
robie.basak at ubuntu.com
Fri Jan 15 14:59:45 UTC 2016
On Thu, Jan 14, 2016 at 10:11:22PM +0100, Moritz Mühlenhoff wrote:
> This is EOD from my side. This has all been discussed to death and
> I won't spend further time on this.
I agree that this has come up many times, but no, this has not been
discussed to death. Every time it comes up, all we ever get is "*sigh*",
"this has been discussed before" and similar sentiments but nobody has
yet been able to point to a publicly archived discussion where you have
actually raised specific addressable points.
I think what you recall is probably the number of times it has been
brought up, as opposed to any time when you have publicly enumerated in
detail exactly what is wrong, because to my knowledge that has not
happened.
> [reordered]
> *sigh* That as already been raised multiple times and it was all reported
> to Oracle at DebConf. Information about specific security issues and
> their mapping to fixes (just like raised by Otto, which explains the
> need very well) need to be publicly available (we're unable and unwilling
> to sign an NDA).
"Information about specific security issues and their mapping to
fixes...need to be publicly available"
Can you expand on this please? If not, can we assume that this is all
that is required, and if Oracle follow this to the letter than you and
the release team will have no further reason to object on "security"
grounds and so MySQL will be able to remain in testing?
"Make it happen first and we'll consider it" is not acceptable. Tell us
exactly what you want, in detail. If you don't then I don't think your
position is reasonable.
You also have not explained why this situation makes MySQL unacceptable,
but MariaDB (which appears to have the same lack of CVE mappings because
MySQL is at least in part its upstream, as shown in the other thread) is
somehow immune.
Thanks,
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20160115/bc820f8b/attachment.sig>
More information about the pkg-mysql-maint
mailing list