From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-April/014243.html | 144 ++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-April/014243.html (limited to 'zarb-ml/mageia-dev/2012-April/014243.html') diff --git a/zarb-ml/mageia-dev/2012-April/014243.html b/zarb-ml/mageia-dev/2012-April/014243.html new file mode 100644 index 000000000..0fe131c7f --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014243.html @@ -0,0 +1,144 @@ + + + + [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb + + + + + + + + + +

[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

+ Colin Guthrie + mageia at colin.guthr.ie +
+ Fri Apr 13 17:57:26 CEST 2012 +

+
+ +
'Twas brillig, and David Walser at 13/04/12 15:31 did gyre and gimble:
+> The objections to this have been quite unwarranted.  It sounds like some people
+> want to institute a new policy that MySQL security bugs won't be fixed.
+> Upgrading to newer versions of things isn't ideal, but sometimes it's what has
+> to be done, because there's no other way, and we already do it sometimes in
+> other cases.  There's no reason this should be any more controversial.
+
+The proposal here was not just to ship a new version, but to ship a
+totally different fork -> mysql -> maridadb (it's even in the subject!).
+
+This is why there have been objections. It's not (primarily at least) to
+do with shipping a newer version.
+
+> For us, upgrading to MariaDB instead of MySQL 5.5.22 isn't any different than
+> what those other distros have done.  MariaDB is as much a newer version of what
+> we have now as MySQL 5.5.22 is.  They are both derived from the same code base.
+> Furthermore, the other distros have been able to upgrade it apparently without
+> even having to rebuild anything else, so the potential for damage seems to not
+> be so great after all.
+
+I disagree. It's a totally different package. There are also bugs
+relating to how a service package is enabled/disabled on upgrade which
+might lead to people having the service enabled when they have
+previously specifically disabled it.
+
+Should we then patch and upgrade rpm-helper too to deal with this issue?
+We've not even addressed it in Cauldron yet, but then I think it may be
+something that users could live with in a distro upgrade, but they
+certainly would not expect it from a security update.
+
+
+This idea just seems wrong for a stable update. Would we have shipped LO
+rather than OOo as an update? I don't think so. Would we have shipped
+Xorg rather than the old X as an update? I don't think so either. Why
+make a special exception for MariaDB?
+
+I would far rather ship a newer MySQL package than (to use a cliche)
+change horses in midstream[1]
+
+Col
+
+1. http://www.phrases.org.uk/meanings/115400.html
+
+
+-- 
+
+Colin Guthrie
+colin(at)mageia.org
+http://colin.guthr.ie/
+
+Day Job:
+  Tribalogic Limited http://www.tribalogic.net/
+Open Source:
+  Mageia Contributor http://www.mageia.org/
+  PulseAudio Hacker http://www.pulseaudio.org/
+  Trac Hacker http://trac.edgewall.org/
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1