[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

Guillaume Rousse guillomovitch at gmail.com
Fri Apr 13 12:52:55 CEST 2012

Le 13/04/2012 12:45, Colin Guthrie a écrit :
> 'Twas brillig, and Maarten Vanraes at 13/04/12 07:28 did gyre and gimble:
>> after talking with mariadb people and some others, i'm proposing to update
>> mysql 5.5.10 to mariadb-5.5.23 in mga1.
> I would be pretty strongly against this.
> I think it's fine we're using mariadb in mga2, but I really don't fancy
> making this switch on a stable distro.
> It just seems like a really, really bad idea. Not necessarily
> technically, but in pretty much all other aspects - you have to consider
> how this would be viewed as well - changing something like this for a
> stable distro puts a big question mark over future stability and updates
> etc. too.
Same for me.

Basically, you're proposing to break the assumption than current policy 
ensures end user than a package update from 'updates' repository for 
package 'foo' is just a bugfix for 'foo' package. You may have perfectly 
valid technical reasons, but you're *silently* changing the rule upon 
which people may have established their own policies, which is a very, 
very bad idea.

BOFH excuse #274:

It was OK before you touched it.

More information about the Mageia-dev mailing list