> Le 13/04/2012 12:45, Colin Guthrie a écrit : >> 'Twas brillig, and Maarten Vanraes at 13/04/12 07:28 did gyre and >> gimble: >>> after talking with mariadb people and some others, i'm proposing to >>> update >>> mysql 5.5.10 to mariadb-5.5.23 in mga1. >> >> I would be pretty strongly against this. >> >> I think it's fine we're using mariadb in mga2, but I really don't fancy >> making this switch on a stable distro. >> >> It just seems like a really, really bad idea. Not necessarily >> technically, but in pretty much all other aspects - you have to consider >> how this would be viewed as well - changing something like this for a >> stable distro puts a big question mark over future stability and updates >> etc. too. > Same for me. > > Basically, you're proposing to break the assumption than current policy > ensures end user than a package update from 'updates' repository for > package 'foo' is just a bugfix for 'foo' package. You may have perfectly > valid technical reasons, but you're *silently* changing the rule upon > which people may have established their own policies, which is a very, > very bad idea.
tbh, iinm the rule is that we like to provide only bugfix/security fix patches, but there are exceptions when that isn't possible to update to the full versions fixing this issue. Well, initially i was against this, but the options to actually fix this security bug are quite limited: 1. find all the responsible patches and add them manually ==> this is my preferred option, but seems not doable, and apparently no-one steps in and mysql isn't maintained (officially) 2. do like other distros and fix to higher mysql 5.5.22 which fixes this issue ==> this is totally not preferred for me; A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge QA load B) this also means that the mga1 -> mga2 upgrade will have to be extensively retested 3. go to the cauldron version that fixes these issues which is mariadb-5.5.23 ==> this is less preferred for me: A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge QA load B) however the mga1 -> mga2 upgrade has been tested already, so the chance of serious issues arising for this is alot less than normallY. C) since mariadb-5.5.23 is based on mysql-5.5.23, the changes are quite less than would normally be. 4. don't fix this security issue ==> this is also less preferred for me, for obvious reasons. 5. someone has a better idea? considering the response i got, now i'll default to letting someone else handle it, which might mean it never gets fixed. that would also mean for me that mageia1 would be a bad version to get LTS on. I'm open to suggestions... PS: as some people might think it's just a stupid political reason, but it's not. my reasons are detailed above.