[debian-mysql] [Summary] Request for release team decision on MySQL and MariaDB

Norvald H. Ryeng norvald.ryeng at oracle.com
Thu Jan 28 14:06:18 UTC 2016 

On Wed, 27 Jan 2016 21:30:09 +0100, Steven Chamberlain  
<steven at pyro.eu.org> wrote:

> And apart from sponsoring Debian packaging work, Oracle seems
> conspicuously missing from:
> http://debconf16.debconf.org/sponsors.html
> http://debconf15.debconf.org/
> https://www.debian.org/mirror/sponsors
> https://www.freexian.com/en/services/debian-lts.html

I don't want to link discussions of financial sponsorship with the fact  
that MySQL is in Debian or with the activities in the Debian MySQL  
maintainer team. Let us please keep those separate. If you want to discuss  
sponsorship, please let's do so in a completely different thread and on  
its own merits.

That said, I want to correct a small factual error:

MySQL was a silver sponsor of DebConf15 and is listed as such. I attended  
the conference and had a great time. In fact, I was the only member of the  
Debian MySQL maintainer team to attend.

> Clint Byrum wrote:
>> [...] if it were written down somewhere as an actual policy. [...]
>
> Norvald H. Ryeng wrote:
>> Tell us exactly what you want, in detail. If you don't then I don't
>> think your position is reasonable.

I don't recognize those words, and it's not in the style I usually express  
myself. Are you paraphrasing?

> Robie Basak wrote:
>> So please: the security team needs to engage directly with Oracle by
>> responding to Norvald's email and enumerating exactly what is wrong.
>
> I don't see that Debian has to do that, at all.  Other upstream projects
> seem to 'just get it', so Oracle management is really expecting special
> treatment.  IMHO I respond to bad dealings with a company by shopping
> elsewhere, not helping them improve their business practices.

I'm not management, but no, we're not expecting special treatment. We're  
asking to know what the requirements that apply to all packages in the  
archive are. Changing security policies/practices is not done easily, and  
our users expect stability and predictability in this area. If Debian  
wants our policies/practice to change, presenting the requirements is the  
first step.

My job is to gather those requirements and present the complete story to  
management so that they can make a decision. If I have to go back to  
management again and again and ask for change because I uncover new  
requirements, I haven't done my job.

But we got some great news yesterday: the security team is working on at  
set of guidelines. I'm glad they do, and I look forward to a chance at  
finally resolving this. I'm optimistic.

Regards,

Norvald H. Ryeng

More information about the pkg-mysql-maint mailing list