[debian-mysql] Fwd: osmalchemy is marked for autoremoval from testing

Otto Kekäläinen otto at debian.org
Thu Jan 12 23:33:08 UTC 2017


2017-01-12 23:38 GMT+02:00 Kristian Nielsen <knielsen at knielsen-hq.org>:
> If I understand the issue here, this is nothing to do with MariaDB being or
> not being a drop-in for MySQL. The problem seems to be this patch in the
> Debian packaging:
>
>   https://github.com/ottok/mariadb-10.1/blob/master/debian/patches/mdev-8375-passwordless-root-via-socket-auth.patch
>
> The idea is to make the default install of package mariadb-server-10.1 use
> socket authentication for the root user, which seems fine. But the patch
> seems completely wrong. Rather than adding needed functionality to enable
> postinst to setup socket auth, instead it hardcodes this decision into
> mysql_install_db, which breaks other users.

Thanks for chipping in Kristian. Indeed the idea of using unix socket
auth has been planned by both MariaDB and MySQL maintainers. It's just
that in MariaDB it got already implemented, in fact over a year ago:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/commit/?id=ab63132b5fb4c2692f7a56f84b1c191c3c3cc9e0

Funny that the use case you describe Dominic did not come up earlier.
The purpose of this change is to get everybody to impove their
security and move to using new passwordless practices. Are we now sure
there is no way to change mysql-ruby2 to utilize socket auth, or
create a test user that has no plugin defined, or something else?

On a quick look the solution suggested by Kristian looks OK. I will
eventually do something to implement and test it, but if somebody has
time to do it right now and send me a git merge request (or Github
pull request) then things would progress much faster.

- Otto



More information about the pkg-mysql-maint mailing list