[debian-mysql] MariaDB 10.1.38 update pending
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 23 13:41:10 GMT 2019
Hi Otto,
On Fri, Feb 22, 2019 at 01:29:35PM +0200, Otto Kekäläinen wrote:
> Hello!
>
> su 10. helmik. 2019 klo 13.32 Otto Kekäläinen (otto at debian.org) kirjoitti:
> >
> > Anyway, regardless of what you want to to, the MariaDB 10.1.38 without
> > any extras is available at
> > https://salsa.debian.org/mariadb-team/mariadb-10.1/commits/stretch
> > with everything set for upload if you want to make a security upload.
> > Gitlab-CI tests pass and it was already uploaded to Ubuntu 18.04 and
> > no regressions have been found.
> >
> > If we want to postpone this to next stable update and put in some
> > extra bugfixing patches, then that is fine by me. Those patches would
> > go anyway on top of what is in Stretch branch of mariadb-10.1 now.
>
> I tried to research on Feb 10-11th when the next Stretch update is
> scheduled for, but I didn't find any dates announced. Then it was
> however released last weekend. If I would have known that I would have
> pushed this into a stable update..
> Please let me know if there is a stable updates schedule somewhere.
Have a look on https://release.debian.org/ they are usually announced
there (and a post been made by SRM on debian-release at l.d.o and related
interested lists, like debian-security, I think as well debian-boot
etc ...).
I think there is a well a ics file which one can import with the
dates, https://wiki.debian.org/SocialEventAndConferenceCalendars but
this one might be to not contain all dates.
Doe to personal constraints I think I will not be able to review your
changes, but here my opinion: Given the lack of information for the
two CVEs we might be better of to (this time) release a DSA, and in
particular include as well the changes to adress the build failures
(not sure on the others, an imput from SRM if they are okay would be
good I think). At least wo security updates (coturn and dovecot) were
blocked on last point release to enter 9.8 because they picked up the
dependency for mariadb on security, which was then not available on
all previous built architectures.
Mortiz what do you think? Go for a DSA based on the new upstrema
version *and* the other proposed fixes?
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list