02-17-2012, 06:36 PM
Alex Esterkin

MySQL's future in Debian and Ubuntu

All I am asking for is this: Please, do not substitute packages. Let mysql-server.deb retain its origin. Please, add MariaDB under a different name and let the end users decide whether they want to stick with Oracle's MySQL or to switch to using MariaDB. If MariaDB is better, faster, more scalable, and more stable, the end users will flock. And those who decide to switch to MariaDB would still want to do it on their schedule, as opposed to on the Ubuntu release schedule.



Regards,

Alex Esterkin



On Fri, Feb 17, 2012 at 11:39, Clint Byrum <clint@ubuntu.com> wrote:


Excerpts from Clint Byrum's message of Tue Feb 07 01:50:18 -0800 2012:

> Many of us in the Free and Open Source software community have seen a

> trend regarding Oracle's stewardship of Open source software that it

> inherited when it purchased Sun. In particular there were two fairly

> large public project blow ups that resulted in OpenOffice splintering,

> and the Hudson community (almost?) completely moving to an independent

> fork called Jenkins.

>

> It has been brought to my attention that MySQL may have gone this way

> as well, but in a much more subtle way. This started about a year ago,

> and has only recently really become obvious.

>

> A few notable fellows from the MySQL ecosystem have commented:

>

> Mark Callaghan

> http://mysqlha.blogspot.com/2011/02/where-have-bugs-gone.html

> (read the comments on this one, very informative, and most of the

> commenters are extremely important non-Oracle members of the MySQL

> community)

>

> http://mysqlha.blogspot.com/2011/11/great-work-bug-12704861-was-fixed.html

>

> Stewart Smith:

> http://www.mysqlperformanceblog.com/2011/11/20/bug12704861/

>

> And the CVE's are extremely vague:

>

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119

>

> "Unspecified vulnerability in the MySQL Server component in Oracle MySQL

> 5.1.x and 5.5.x allows remote authenticated users to affect availability

> via unknown vectors"

>

> Links to here:

>

> http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

>

> Which links to here:

>

> http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1

>

> Which requires an account (which I created). I did try to login but got

> some kind of failure..

>

> "Failure of server APACHE bridge:".

>

> The bzr commits for the latest MySQL releases also reference log bug#'s

> that are thought to belong to the private oracle support system, not

> accessible to non-paying customers.

>

> This is all very troubling, as in a Linux distribution, we must be able

> to support our users and track upstream development.

>

> So what should we, the Debian and Ubuntu MySQL maintainers and users,

> do about this?

>

> Well there is a Jenkins to MySQL's Hudson, a LibreOffice to their

> OpenOffice.

>

> MariaDB 5.3, in release-candidate now, is 100% backward compatible with

> MySQL 5.1. It also includes a few speedups and features that can be found

> in MySQL 5.5 and Percona Server. It is developed 100% in the open, on

> launchpad.net, including a public bug tracker and up to date bzr trees

> of the code.

>

> http://mariadb.org

> https://launchpad.net/maria

>

> I'm writing to the greater Debian and Ubuntu community to ask for your

> thoughts on a proposal to drop MySQL in favor of MariaDB. It's clear to

> me that Oracle is not going to do work in the open, and this will become

> a huge support burden for Linux distributions. The recent CVE's had to

> be hunted down and investigated at great difficulty to several people,

> since the KB articles referenced and the internal Oracle bug numbers

> referenced were not available.

>

> This will only get harder as the community bug tracker gets further out

> of sync with the private one.

>

> There is some need to consider acting quickly:

>

> Ubuntu precise, the next LTS release of Ubuntu will be hitting feature

> freeze on Feb. 16. The release, due in April, will be supported with

> security updates for 5 years. That may be 5 long years of support if

> MySQL continues to obscure things.

>

> Debian wheezy is still quite far off, but it is critical that this be

> done and decided by the time the release freeze begins.

>

> So, here is a suggested plan, given the facts above:

>

> * Upload mariadb 5.3 to Debian experimental, with it providing

> mysql-server, mysql-client, and libmysqlclient-dev.

>

> * For Ubuntu users, upload these packages to a PPA for testing

> applications for compatibility, and rebuild testing.

>

> * If testing goes well, replace mysql-5.5 with mariadb in both Debian

> unstable and Ubuntu precise. If there are reservations about switching

> this late in precise's cycle, ship mysql-5.5 in precise, and push off

> Ubuntu's transition until the next cycle.

>

> Before I strike out on this path alone, which, I understand, may sound

> a bit radical, I want to hear what you all think.

>

> Thank you for your time and consideration.



Thanks everyone for all of the thoughts and the great discussion that

has taken place since my original message.



As a smart person once said, "The plan is nothing, Planning is

everything."



In the course of looking at this from many different angles, I think

I have come to understand the different facets of the problem and the

situation that Debian and Ubuntu are in with regard to MySQL.



To re-cap, the original suggestion was that we might "replace" MySQL with

MariaDB in Debian and Ubuntu. This was somewhat ambiguous, and probably

needed clarification. My intention was to suggest that MariaDB would be

the database that Ubuntu supports, not that MySQL would be removed from

Debian or Ubuntu. If it still meets the requirements for inclusion in

either distribution, it should remain there.



In discussing this with various parties, it has become clear that Oracle

does not intend to change their policy on security updates, and will

continue to keep them hidden. This is unfortunate for the model that

Debian and Ubuntu have traditionally taken for MySQL, which was to just

cherry pick security fixes, and avoid importing all of the incompatible

changes that get introduced on a regular basis.



However, the code is still Free, and the releases are still available to

us with the fixes in them. We are not exposing Debian or Ubuntu users

to any new dangers. For this reason, as a conservative step, it seems

clear that for Precise Pangolin (the upcoming 12.04 release of Ubuntu),

we should continue to release with MySQL 5.5. I do expect that this may

be a somewhat painful decision, as we will be forced to release any bug

fix release from Oracle as a whole update. However, it is less of a risk

than switching out for a totally new code base with more than half of

the release cycle done.



In order to prepare for a potential promotion of MariaDB and/or Percona

Server to Ubuntu main, I am going to work toward getting them both into

the Ubuntu and Debian archives ASAP. Because we are past feature freeze

in Ubuntu, there is no guarantee that they will ship with precise in

universe. I will make sure that they are able to replace the precise

mysql package in such a way where we can put them in to our backports

repository and have them available to precise users for testing.



I think this will give users a "way out" if they do not want to stay

on the track of running the latest patch release of MySQL all of the

time. Of course, users can also just get these packages from Percona or

the MariaDB project directly until this is complete.



For Debian, I think it's clear that MySQL should stay in Debian. What

is not clear is how much of my time and other maintainers' time will be

spent on it going forward. I think that is up for individual contributors

to decide. I will continue to spend time to make sure that the Debian

packages stay in sync with whatever goodness we have added to the Ubuntu

packages as time permits.



Long term, we need to have a frank and open discussion about how important

it is to us, and our users, that we cherry pick fixes rather than ship

upstream releases. I'd like to invite everyone who is interested in

solving this in Ubuntu and Debian to join us at the next Ubuntu Developer

Summit in Oakland, CA, USA, the week of May 7th - May 11th. More details

can be found here:



http://uds.ubuntu.com/



Watch the ubuntu-server mailing list[1] for details on how to join

the discussion.



-Clint



[1] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server



--

MySQL Internals Mailing List

For list archives: http://lists.mysql.com/internals

To unsubscribe: http://lists.mysql.com/internals





--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
02-21-2012, 05:47 PM
Aaron Kincer

MySQL's future in Debian and Ubuntu

Most enterprise users I've seen usually standardize on commercially
supported databases (whether open source or not). If they are actually using a non-supported version
of open source software, they're rolling their own if they are worried about version changes or distro supplied patches mucking things up. Otherwise, they just roll with the patches/version changes after putting them through the paces of their dev/test machines.




Unless I'm mistaken, LTS releases have 3 years of support beyond the
next LTS release date. Given this, you have three years to do
compatibility testing with your apps against whatever default DB is
shipping in the next release and/or develop an alternate plan. You're
going to have to do this testing anyway. If it takes more than three
years to figure out what you need to do, you're doing it wrong.



Given that the options being discussed are free for download and in the
case of MariaDB, you can do a drop in replacement on an existing 10.04
MySQL box so you can start testing now on your dev/test boxes/VMs.

On Thu, Feb 16, 2012 at 1:33 PM, Alex Esterkin <aesterkin@gmail.com> wrote:

As an end user, I would most strongly dislike this. You clearly don't understand how corporate users think and operate, how they work with open source technologies, and how they plan and evolve their technical roadmaps.




Last year Ubuntu inflicted enough damage on itself by messing up with UI and display management. Replacing OpenOffice with LibreOffice was not a success story either.

A year ago I had plans to migrate my remaining CentOS and Debian servers and test environments to Ubuntu and I recommended using Ubuntu for a couple of server appliance products we had in the works. These plans were revisited and revised in the fall, based on revised Linux distro release and roadmap assessment.




As far as MySQL is concerned, I don't care at this point what your Ubuntu server distro plans are, as I have already migrated away from Ubuntu.

However, if the discussion about replacing MySQL also spreads into the Fedora Project and CentOS communities, that would give me a very good reason for migrating/porting MySQL apps and products to Postgres.




Regards,

Alex Esterkin,
Former Chief Architect, Infobright

On Tue, Feb 7, 2012 at 04:37, Clint Byrum <clint@ubuntu.com> wrote:



Many of us in the Free and Open Source software community have seen a

trend regarding Oracle's stewardship of Open source software that it

inherited when it purchased Sun. In particular there were two fairly

large public project blow ups that resulted in OpenOffice splintering,

and the Hudson community (almost?) completely moving to an independent

fork called Jenkins.



It has been brought to my attention that MySQL may have gone this way

as well, but in a much more subtle way. This started about a year ago,

and has only recently really become obvious.



A few notable fellows from the MySQL ecosystem have commented:



Mark Callaghan

http://mysqlha.blogspot.com/2011/02/where-have-bugs-gone.html

(read the comments on this one, very informative, and most of the

commenters are extremely important non-Oracle members of the MySQL

community)



http://mysqlha.blogspot.com/2011/11/great-work-bug-12704861-was-fixed.html



Stewart Smith:

http://www.mysqlperformanceblog.com/2011/11/20/bug12704861/



And the CVE's are extremely vague:



http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119



"Unspecified vulnerability in the MySQL Server component in Oracle MySQL

5.1.x and 5.5.x allows remote authenticated users to affect availability

via unknown vectors"



Links to here:



http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html



Which links to here:



http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1



Which requires an account (which I created). I did try to login but got

some kind of failure..



"Failure of server APACHE bridge:".



The bzr commits for the latest MySQL releases also reference log bug#'s

that are thought to belong to the private oracle support system, not

accessible to non-paying customers.



This is all very troubling, as in a Linux distribution, we must be able

to support our users and track upstream development.



So what should we, the Debian and Ubuntu MySQL maintainers and users,

do about this?



Well there is a Jenkins to MySQL's Hudson, a LibreOffice to their

OpenOffice.



MariaDB 5.3, in release-candidate now, is 100% backward compatible with

MySQL 5.1. It also includes a few speedups and features that can be found

in MySQL 5.5 and Percona Server. It is developed 100% in the open, on

launchpad.net, including a public bug tracker and up to date bzr trees

of the code.



http://mariadb.org

https://launchpad.net/maria



I'm writing to the greater Debian and Ubuntu community to ask for your

thoughts on a proposal to drop MySQL in favor of MariaDB. It's clear to

me that Oracle is not going to do work in the open, and this will become

a huge support burden for Linux distributions. The recent CVE's had to

be hunted down and investigated at great difficulty to several people,

since the KB articles referenced and the internal Oracle bug numbers

referenced were not available.



This will only get harder as the community bug tracker gets further out

of sync with the private one.



There is some need to consider acting quickly:



Ubuntu precise, the next LTS release of Ubuntu will be hitting feature

freeze on Feb. 16. The release, due in April, will be supported with

security updates for 5 years. That may be 5 long years of support if

MySQL continues to obscure things.



Debian wheezy is still quite far off, but it is critical that this be

done and decided by the time the release freeze begins.



So, here is a suggested plan, given the facts above:



* Upload mariadb 5.3 to Debian experimental, with it providing

mysql-server, mysql-client, and libmysqlclient-dev.



* For Ubuntu users, upload these packages to a PPA for testing

applications for compatibility, and rebuild testing.



* If testing goes well, replace mysql-5.5 with mariadb in both Debian

unstable and Ubuntu precise. If there are reservations about switching

this late in precise's cycle, ship mysql-5.5 in precise, and push off

Ubuntu's transition until the next cycle.



Before I strike out on this path alone, which, I understand, may sound

a bit radical, I want to hear what you all think.



Thank you for your time and consideration.



--

Clint Byrum <clint@ubuntu.com>

Ubuntu Server Team

Debian MySQL Packaging Team




 
02-21-2012, 10:42 PM
Henrik Ingo

MySQL's future in Debian and Ubuntu

On Fri, Feb 17, 2012 at 3:45 PM, Axel Schwenke <axel@askmonty.org> wrote:
>> But to put things in context, in MySQL 5.0 series the situation was
>> the opposite: The bugs were public but the publicly released and GPL
>> licensed bug fixes would be up to 6 months delayed in favor of paying
>> customers getting them instantly. In some ways, the current situation
>> is still better than back then.
>
> This is a very weird statement. Oracle does not release GPL versions more
> often than MySQL AB did. In fact Oracle does not make any promise to ever
> produce GPL bugfix releases. It's completely at their discretion.
>

See "Community Server" releases in
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html

MySQL AB had a commitment to do a Community release every six months,
it happened that they failed on that commitment and the gaps were
longer.

Since MySQL 5.1 they started releasing Community and Enterprise
releases in sync, every month. This had nothing to do with Oracle, it
was still under Sun watch.

It's perhaps not so relevant to this discussion, though, just some
historical perspective.

> For projects like Debian that build their own binaries and are not dependent
> on complete releases (but rather a stream of patches) the current situation
> with Oracle is clearly a step back.

When 5.1 went GA, we had both the bugs and the fixes, so I agree.

henrik

--
henrik.ingo@avoinelama.fi
+358-40-8211286 skype: henrik.ingo irc: hingo
www.openlife.cc

My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559
