Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Server Development (http://www.linux-archive.org/ubuntu-server-development/)
-   -   MySQL's future in Debian and Ubuntu (http://www.linux-archive.org/ubuntu-server-development/629800-mysqls-future-debian-ubuntu.html)

Clint Byrum 02-07-2012 08:50 AM

MySQL's future in Debian and Ubuntu
 
Many of us in the Free and Open Source software community have seen a
trend regarding Oracle's stewardship of Open source software that it
inherited when it purchased Sun. In particular there were two fairly
large public project blow ups that resulted in OpenOffice splintering,
and the Hudson community (almost?) completely moving to an independent
fork called Jenkins.

It has been brought to my attention that MySQL may have gone this way
as well, but in a much more subtle way. This started about a year ago,
and has only recently really become obvious.

A few notable fellows from the MySQL ecosystem have commented:

Mark Callaghan
http://mysqlha.blogspot.com/2011/02/where-have-bugs-gone.html
(read the comments on this one, very informative, and most of the
commenters are extremely important non-Oracle members of the MySQL
community)

http://mysqlha.blogspot.com/2011/11/great-work-bug-12704861-was-fixed.html

Stewart Smith:
http://www.mysqlperformanceblog.com/2011/11/20/bug12704861/

And the CVE's are extremely vague:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119

"Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.1.x and 5.5.x allows remote authenticated users to affect availability
via unknown vectors"

Links to here:

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Which links to here:

http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1

Which requires an account (which I created). I did try to login but got
some kind of failure..

"Failure of server APACHE bridge:".

The bzr commits for the latest MySQL releases also reference log bug#'s
that are thought to belong to the private oracle support system, not
accessible to non-paying customers.

This is all very troubling, as in a Linux distribution, we must be able
to support our users and track upstream development.

So what should we, the Debian and Ubuntu MySQL maintainers and users,
do about this?

Well there is a Jenkins to MySQL's Hudson, a LibreOffice to their
OpenOffice.

MariaDB 5.3, in release-candidate now, is 100% backward compatible with
MySQL 5.1. It also includes a few speedups and features that can be found
in MySQL 5.5 and Percona Server. It is developed 100% in the open, on
launchpad.net, including a public bug tracker and up to date bzr trees
of the code.

http://mariadb.org
https://launchpad.net/maria

I'm writing to the greater Debian and Ubuntu community to ask for your
thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to
me that Oracle is not going to do work in the open, and this will become
a huge support burden for Linux distributions. The recent CVE's had to
be hunted down and investigated at great difficulty to several people,
since the KB articles referenced and the internal Oracle bug numbers
referenced were not available.

This will only get harder as the community bug tracker gets further out
of sync with the private one.

There is some need to consider acting quickly:

Ubuntu precise, the next LTS release of Ubuntu will be hitting feature
freeze on Feb. 16. The release, due in April, will be supported with
security updates for 5 years. That may be 5 long years of support if
MySQL continues to obscure things.

Debian wheezy is still quite far off, but it is critical that this be
done and decided by the time the release freeze begins.

So, here is a suggested plan, given the facts above:

* Upload mariadb 5.3 to Debian experimental, with it providing
mysql-server, mysql-client, and libmysqlclient-dev.

* For Ubuntu users, upload these packages to a PPA for testing
applications for compatibility, and rebuild testing.

* If testing goes well, replace mysql-5.5 with mariadb in both Debian
unstable and Ubuntu precise. If there are reservations about switching
this late in precise's cycle, ship mysql-5.5 in precise, and push off
Ubuntu's transition until the next cycle.

Before I strike out on this path alone, which, I understand, may sound
a bit radical, I want to hear what you all think.

Thank you for your time and consideration.

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Paul Graydon 02-07-2012 09:17 AM

MySQL's future in Debian and Ubuntu
 
On 2/6/2012 11:50 PM, Clint Byrum wrote:

I'm writing to the greater Debian and Ubuntu community to ask for your
thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to
me that Oracle is not going to do work in the open, and this will become
a huge support burden for Linux distributions. The recent CVE's had to
be hunted down and investigated at great difficulty to several people,
since the KB articles referenced and the internal Oracle bug numbers
referenced were not available.

I would be in agreement with this. MariaDB is showing significant
momentum for putting real improvements down. MySQL seems to be spending
a lot of time ignoring old bugs (like the microseconds storage bug that
took them something like 7 years to fix, but every other fork fixed
quickly). From an attitude that seemed to start under Sun and get worse
under Oracle, there are a startling number of old bugs that are just
languishing around for a disturbing number of years (just looking at
ones with state Verified :
http://bugs.mysql.com/search.php?cmd=display&bug_type=Server&status=Veri fied&os=0&bug_age=0&order_by=date&direction=ASC&li mit=100&begin=0
<http://bugs.mysql.com/search.php?cmd=display&bug_type=Server&status=Veri fied&os=0&bug_age=0&order_by=date&direction=ASC&li mit=100&begin=0>).
Monty and the MariaDB team are highly responsive, and easy to contact
through multiple mediums (always folks around in the #mariadb channel on
Freenode). They're already doing things like drastically overhauling
the query engine to finally make things like JOIN statements perform
significantly faster.


Paul

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

02-07-2012 11:32 AM

MySQL's future in Debian and Ubuntu
 
>

> This will only get harder as the community bug tracker gets further
out

> of sync with the private one.

>

> There is some need to consider acting quickly:

>

...

>

> Before I strike out on this path alone, which, I understand, may sound

> a bit radical, I want to hear what you all think.

>

> Thank you for your time and consideration.

>



For all I've read on the subject during the past years,
I think it would be a great move - but my opinion counts only for about
20 servers :-).--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Marc Deslauriers 02-07-2012 12:04 PM

MySQL's future in Debian and Ubuntu
 
On Tue, 2012-02-07 at 01:50 -0800, Clint Byrum wrote:
> I'm writing to the greater Debian and Ubuntu community to ask for your
> thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to
> me that Oracle is not going to do work in the open, and this will become
> a huge support burden for Linux distributions. The recent CVE's had to
> be hunted down and investigated at great difficulty to several people,
> since the KB articles referenced and the internal Oracle bug numbers
> referenced were not available.
>
> This will only get harder as the community bug tracker gets further out
> of sync with the private one.

As a member of the security team, I think Oracle's move to a private bug
tracker and not publishing details on the security issues is a disaster
for Linux distributions attempting to maintain MySQL.

I would support moving to a project that still does development in the
open and is not actively trying to hide details of security issues.

Marc.



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

"Fabio T. Leitao" 02-11-2012 09:47 PM

MySQL's future in Debian and Ubuntu
 
I have already moved some of my servers to mariadb, with minor to none downtime during the process, but I have also kept some of them stuck with mysql just because of the "official" support (well, it is the elected one in main repository after all)


I have also done some*bench marking*and have also seen no loss in performance, depending on the memcache/loadbalance/db engine, it got even a little better.*
They have published some bug fixes that were really*critical*for me.


And MOST OF THE TIME, the binaries and libraries are*transparently*compatible with MySQL, therefore, I have never had an application or frame work even realize it was not running on top of MySQL.


I have seen a few discussions in the past couple of years (not sure from who) in the ubuntu-server list, and back when I have first followed this up, maintainers claimed it was not really fully compatible due to some of the dependencies that the other packages have set, and apache2 was one of the most important... So have in mind there will have a major scrub in a lot of packages to change their dependencies from mysql (and its libraries) to mariadb.


Of course, its a doable task, but might be a little larger than we may first realize.
2012/2/7 Marc Deslauriers <marc.deslauriers@canonical.com>


On Tue, 2012-02-07 at 01:50 -0800, Clint Byrum wrote:

> I'm writing to the greater Debian and Ubuntu community to ask for your

> thoughts on a proposal to drop MySQL in favor of MariaDB. Its clear to

> me that Oracle is not going to do work in the open, and this will become

> a huge support burden for Linux distributions. The recent CVE's had to

> be hunted down and investigated at great difficulty to several people,

> since the KB articles referenced and the internal Oracle bug numbers

> referenced were not available.

>

> This will only get harder as the community bug tracker gets further out

> of sync with the private one.



As a member of the security team, I think Oracle's move to a private bug

tracker and not publishing details on the security issues is a disaster

for Linux distributions attempting to maintain MySQL.



I would support moving to a project that still does development in the

open and is not actively trying to hide details of security issues.



Marc.







--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
Fábio Leitão
..-. .- -... .. ---* .-.. . .. - .- ---* ...-.-


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Marc Deslauriers 02-12-2012 03:05 AM

MySQL's future in Debian and Ubuntu
 
On Sat, 2012-02-11 at 20:47 -0200, Fabio T. Leitao wrote:
> I have already moved some of my servers to mariadb, with minor to none
> downtime during the process, but I have also kept some of them stuck
> with mysql just because of the "official" support (well, it is the
> elected one in main repository after all)

Out of curiosity, what version of MySQL did you migrate to what version
of MariaDB?

Marc.




--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

"Fabio T. Leitao" 02-12-2012 10:06 PM

MySQL's future in Debian and Ubuntu
 
The first time I have attempted this was in the previous release of Ubuntu, o I am not totally sure of what version number was available.
At least two of the most recent trys were with 11.10 oneiric... the servers had mysql*5.1.58-1ubuntu1 and now are running mariadb*5.2.10-mariadb107~oneiric


I have got those binaries from their official repository:*http://ftp.osuosl.org/pub/mariadb/repo/5.2/ubuntu/ oneiric/main i386


I also use their libraries for apache and rails (the framework that runs on these servers)

2012/2/12 Marc Deslauriers <marc.deslauriers@canonical.com>


On Sat, 2012-02-11 at 20:47 -0200, Fabio T. Leitao wrote:

> I have already moved some of my servers to mariadb, with minor to none

> downtime during the process, but I have also kept some of them stuck

> with mysql just because of the "official" support (well, it is the

> elected one in main repository after all)



Out of curiosity, what version of MySQL did you migrate to what version

of MariaDB?



Marc.









--
Fábio Leitão
..-. .- -... .. ---* .-.. . .. - .- ---* ...-.-



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Eddie Bachle 02-13-2012 06:20 AM

MySQL's future in Debian and Ubuntu
 
In general, I am generally an simply an observer on most of these mailing lists, however my concerns with a switch are far less technical and far more practical. *I work currently for a college in Michigan which utilizes almost solely Windows servers simply because it is what the IT staff here knows. *As a student here, I was brought in to assist with the web server administration, and as time went by because I have a degree of*Linux*knowledge, I was given permission to put together a Ubuntu LAMP server to serve a couple of interested parties on campus who wanted simply to demo several small scale web apps that were*Linux*exclusive. *This server would serve as an exception to the general rule of our server architecture. *However as time has went by and my knowledge looks more like it will be a fixture here after graduation, along with the simple instability of PHP and Apache on the Windows platform, my boss is giving far more consideration to moving to Linux. *


As Linux gains more public recognition, more and more Windows-only organizations will consider using it as an alternative, especially for their web servers. *
This is especially true because of the fact that each of the necessarily main components of a web server exist in Linux in the same form as the do on Windows and often run much better. *Then, the only piece one would need to learn would be the new operating system, not the database, HTTP server, or PHP scripting language software. **However, this is going to be a more difficult proposition if the aforementioned advantage is somewhat*eliminated. *Were I to have to tell my boss that we could switch to Ubuntu but it would mean that would need to use a "MySQL compatible" database if we want to use the native database (which we likely would because it's tested to be stable and it is supported by the developers), then she would be much more hesitant. *


There simply is a much greater sense of trepidation for those who are not significantly Linux savvy if there exists a possibility that they would have to make something work in an unfamiliar environment, especially if it were to happen unexpectedly. *If we ported our www website server over to Ubuntu and then 6 months down the road we were to upgrade our Joomla version and there became an issue with MariaDB because it lacks some MySQL feature that it needs, or even that Joomla would fail to recognize Maria as being equivalent to MySQL at some point, then that would be a huge detraction against switching. *

Unless assurances that any software that asks for MySQL will recognize and accept MariaDB equivalents, and that this should always be the case, and that it will retain the stability and recognized benefits of MySQL, I would encourage extreme caution in encouraging a switch. *Linux is beginning to grow into areas it previously didn't reach and bringing a far superior web server experience as well as simply a better operating system experience for many and I would not like to see that growth compromised. *I would like to say we would still switch, or still heavily consider it for the grains that could be made by using Ubuntu, however realistically, the lack of native MySQL in any OS would be a huge mark against it. *Also that being said, if the technical concerns are answered adequately for a vast majority of applications and hardware/OS setups, then I would be totally behind switching to a more open source friendly and compatible database software as there would be little love lost between me and MySQL. *

I hope this perspective helps a bit in considering this decision, *
Eddie BachleAlbion College '13


On Sun, Feb 12, 2012 at 6:06 PM, Fabio T. Leitao <fabio.tleitao@gmail.com> wrote:


The first time I have attempted this was in the previous release of Ubuntu, o I am not totally sure of what version number was available.
At least two of the most recent trys were with 11.10 oneiric... the servers had mysql*5.1.58-1ubuntu1 and now are running mariadb*5.2.10-mariadb107~oneiric




I have got those binaries from their official repository:*http://ftp.osuosl.org/pub/mariadb/repo/5.2/ubuntu/ oneiric/main i386




I also use their libraries for apache and rails (the framework that runs on these servers)

2012/2/12 Marc Deslauriers <marc.deslauriers@canonical.com>




On Sat, 2012-02-11 at 20:47 -0200, Fabio T. Leitao wrote:

> I have already moved some of my servers to mariadb, with minor to none

> downtime during the process, but I have also kept some of them stuck

> with mysql just because of the "official" support (well, it is the

> elected one in main repository after all)



Out of curiosity, what version of MySQL did you migrate to what version

of MariaDB?



Marc.









--
Fábio Leitão
..-. .- -... .. ---* .-.. . .. - .- ---* ...-.-




--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Marc Deslauriers 02-13-2012 12:05 PM

MySQL's future in Debian and Ubuntu
 
On Mon, 2012-02-13 at 02:20 -0500, Eddie Bachle wrote:
> In general, I am generally an simply an observer on most of these
> mailing lists, however my concerns with a switch are far less
> technical and far more practical. I work currently for a college in
> Michigan which utilizes almost solely Windows servers simply because
> it is what the IT staff here knows. As a student here, I was brought
> in to assist with the web server administration, and as time went by
> because I have a degree of Linux knowledge, I was given permission to
> put together a Ubuntu LAMP server to serve a couple of interested
> parties on campus who wanted simply to demo several small scale web
> apps that were Linux exclusive. This server would serve as an
> exception to the general rule of our server architecture. However as
> time has went by and my knowledge looks more like it will be a fixture
> here after graduation, along with the simple instability of PHP and
> Apache on the Windows platform, my boss is giving far more
> consideration to moving to Linux.
>
>
> As Linux gains more public recognition, more and more Windows-only
> organizations will consider using it as an alternative, especially for
> their web servers. This is especially true because of the fact that
> each of the necessarily main components of a web server exist in Linux
> in the same form as the do on Windows and often run much better.
> Then, the only piece one would need to learn would be the new
> operating system, not the database, HTTP server, or PHP scripting
> language software. However, this is going to be a more difficult
> proposition if the aforementioned advantage is somewhat eliminated.
> Were I to have to tell my boss that we could switch to Ubuntu but it
> would mean that would need to use a "MySQL compatible" database if we
> want to use the native database (which we likely would because it's
> tested to be stable and it is supported by the developers), then she
> would be much more hesitant.

If you prefer MySQL, you'll still be able to manually install it MySQL
on Ubuntu and Debian, much like you manually install it on Windows.

>
>
> There simply is a much greater sense of trepidation for those who are
> not significantly Linux savvy if there exists a possibility that they
> would have to make something work in an unfamiliar environment,
> especially if it were to happen unexpectedly. If we ported our www
> website server over to Ubuntu and then 6 months down the road we were
> to upgrade our Joomla version and there became an issue with MariaDB
> because it lacks some MySQL feature that it needs, or even that Joomla
> would fail to recognize Maria as being equivalent to MySQL at some
> point, then that would be a huge detraction against switching.

I predict it will be the opposite. Once distros and people start
switching to MariaDB, other projects will be testing on MariaDB by
default, and compatibility with MySQL will then become problematic.

Marc.




--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Robbie Williamson 02-13-2012 03:11 PM

MySQL's future in Debian and Ubuntu
 
On 02/13/2012 01:20 AM, Eddie Bachle wrote:
> I would like to say we would still switch, or still heavily consider it
> for the grains that could be made by using Ubuntu, however
> realistically, the lack of native MySQL in any OS would be a huge mark
> against it.

FTR, we would not *drop* MySQL support. Worst case scenario, we'd place
them in partner, much like we did with sun-java. The change would be
that our default/recommended DB would be MariaDB.

> Also that being said, if the technical concerns are
> answered adequately for a vast majority of applications and hardware/OS
> setups, then I would be totally behind switching to a more open source
> friendly and compatible database software as there would be little love
> lost between me and MySQL.

One thing to note, the primary motivator for this proposal isn't about
moving to a more "open source friendly" application. We have genuine
security concerns/issues with how MySQL handles and publishes their
security updates. We can't simply update supported prior Ubuntu
releases to newer MySQL versions, so we have to backport patches. Their
lack of information and access to the bugs addressed makes it *very*
time consuming and difficult for our security and SRU teams to do this.
If we can resolve these issues, then MySQL's future in main looks much
brighter.

-Robbie


--
Robbie Williamson <robbie@ubuntu.com>
robbiew[irc.freenode.net]

"Don't make me angry...you wouldn't like me when I'm angry."
-Bruce Banner

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam


All times are GMT. The time now is 05:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.