<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] mysql CVE's in mga1 =&gt; have it update to mariadb
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3C4F884CE6.7040802%40colin.guthr.ie%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="014239.html">
   <LINK REL="Next"  HREF="014244.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] mysql CVE's in mga1 =&gt; have it update to mariadb</H1>
    <B>Colin Guthrie</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20mysql%20CVE%27s%20in%20mga1%20%3D%3E%20have%20it%20update%20to%20mariadb&In-Reply-To=%3C4F884CE6.7040802%40colin.guthr.ie%3E"
       TITLE="[Mageia-dev] mysql CVE's in mga1 =&gt; have it update to mariadb">mageia at colin.guthr.ie
       </A><BR>
    <I>Fri Apr 13 17:57:26 CEST 2012</I>
    <P><UL>
        <LI>Previous message: <A HREF="014239.html">[Mageia-dev] mysql CVE's in mga1 =&gt; have it update to mariadb
</A></li>
        <LI>Next message: <A HREF="014244.html">[Mageia-dev] mysql CVE's in mga1 =&gt; have it update to mariadb
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#14243">[ date ]</a>
              <a href="thread.html#14243">[ thread ]</a>
              <a href="subject.html#14243">[ subject ]</a>
              <a href="author.html#14243">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>'Twas brillig, and David Walser at 13/04/12 15:31 did gyre and gimble:
&gt;<i> The objections to this have been quite unwarranted.  It sounds like some people
</I>&gt;<i> want to institute a new policy that MySQL security bugs won't be fixed.
</I>&gt;<i> Upgrading to newer versions of things isn't ideal, but sometimes it's what has
</I>&gt;<i> to be done, because there's no other way, and we already do it sometimes in
</I>&gt;<i> other cases.  There's no reason this should be any more controversial.
</I>
The proposal here was not just to ship a new version, but to ship a
totally different fork -&gt; mysql -&gt; mariadb (it's even in the subject!).

This is why there have been objections. It's not (primarily at least) to
do with shipping a newer version.

&gt;<i> For us, upgrading to MariaDB instead of MySQL 5.5.22 isn't any different than
</I>&gt;<i> what those other distros have done.  MariaDB is as much a newer version of what
</I>&gt;<i> we have now as MySQL 5.5.22 is.  They are both derived from the same code base.
</I>&gt;<i> Furthermore, the other distros have been able to upgrade it apparently without
</I>&gt;<i> even having to rebuild anything else, so the potential for damage seems to not
</I>&gt;<i> be so great after all.
</I>
I disagree. It's a totally different package. There are also bugs
relating to how a service package is enabled/disabled on upgrade which
might lead to people having the service enabled when they have
previously specifically disabled it.

Should we then patch and upgrade rpm-helper too to deal with this issue?
We've not even addressed it in Cauldron yet, but then I think it may be
something that users could live with in a distro upgrade, but they
certainly would not expect it from a security update.


This idea just seems wrong for a stable update. Would we have shipped LO
rather than OOo as an update? I don't think so. Would we have shipped
Xorg rather than the old X as an update? I don't think so either. Why
make a special exception for MariaDB?

I would far rather ship a newer MySQL package than (to use a cliche)
change horses in midstream[1]

Col

1. <A HREF="http://www.phrases.org.uk/meanings/115400.html">http://www.phrases.org.uk/meanings/115400.html</A>


-- 

Colin Guthrie
colin(at)mageia.org
<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>

Day Job:
  Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>
Open Source:
  Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A>
  PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>
  Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>
</PRE>
<!--endarticle-->
    <HR>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>