[Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

nicolas vigier boklm at mars-attacks.org
Fri Apr 13 18:01:33 CEST 2012


On Fri, 13 Apr 2012, David Walser wrote:

> AL13N <alien at ...> writes:
> > 5. someone has a better idea?
> > 
> > considering the response i got, now i'll default to letting someone else
> > handle it, which might mean it never gets fixed. that would also mean for
> > me that mageia1 would be a bad version to get LTS on.
> 
> The objections to this have been quite unwarranted.  It sounds like some people
> want to institute a new policy that MySQL security bugs won't be fixed.

That was objections against migrating from mysql to mariadb in a stable
release updates.

Stable updates are supposed to include minimal changes in packages in
order to fix the issues. This means using patches to fix the issues and
nothing else, if possible, or update to the version that fix the issues
with the least unrelated changes when it's too difficult to have
individual patchs for each issue.

MySQL 5.5.22 is the last version available in 5.5.x branch, including
various bugfix and other changes. And if I understand correctly, MariaDB
5.5.x is the same thing as MySQL 5.5.x, but with several new features,
optimizations and other changes :
http://kb.askmonty.org/en/what-is-mariadb-55
http://kb.askmonty.org/en/what-is-mariadb-53

I don't see any reason why we should update to mariadb instead of MySQL
5.5.22. It includes the same changes as mysql 5.5.10 -> 5.5.22, and adds
several other changes that we don't want in a stable update.



More information about the Mageia-dev mailing list