On 2013-05-08 06:42, anarcat wrote:
On 2013-05-06 13:17:47, Patrick Matthäi wrote:
But why should it _replace_ MySQL, why not providing it as an
alternative MySQL'ish server?
As others mentionned: Oracle. More precisely, because Oracle has a
rather rude security policy of not divulging security issues directly
and publishing a whole new release (as opposed to a patch) when
security
issues are published.
That regression alone should be indication enough that Oracle doesn't
care about us, if we needed any reminder.
We did it for Libreoffice, let's push it a little further.
I have to say that actually the "ship the whole release" paradigm has,
thus far, resulted in a single reported regression [1]. This regression
was basically "I have something really old and busted that depended on a
really broken behavior.". Forgive me if I do not sympathize with the
user who was not maintaining their software even a little bit (read the
bug for details). It is the only mitigating factor in this whole freak
show... we can simply ship what Oracle puts out, and at least have a
modicum of confidence that it will not cause users too much pain.
I would not say that Oracle doesn't care about Debian MySQL users. I
would say that Oracle doesn't care about anybody who is not "showing
them the money". MySQL has enough momentum without Wikipedia, Debian,
and Fedora using it. They can keep selling it to enterprise customers
for years, and their policies will keep them in the green while MySQL
slowly fades into obscurity in the open source world. I don't want to
detract from the work that a few of their employees (like Norvald Ryeng)
are doing to maintain relevance, but it seems clear to me that these are
not long term strategic efforts, but rather tactics to control the
out-flow of open source users.
Also, it is not just the security policy that has open source users
wanting off the crazy train, it is also the contributor agreement. Code
from MariaDB can't go into MySQL because the coders for MariaDB are not
going to assign copyright/grant license/whatever it is that the Oracle
CA requires. So, for instance, when MariaDB fixes a blatant security
problem, and publishes the fix, tests, and explanations of it, the
Oracle MySQL team is pretty much screwed. They can't really look at the
patches, lest they be charged with violating the license by simply
copying/pasting using their minds. And they cannot even *talk* about
whether or not it is fixed until well after it is fixed. But we can all
see the code, so *WE* can talk about it. And when they fix it *wrong*,
and those tests which they cannot use show that, we can point and laugh
at them.
Oracle's policy is completely nuts from the perspective of open source.
I suspect they'll milk MySQL for more cash than any pure open source
effort would even dream of. The question we're left with is how best to
keep serving Debian users. At the moment, and I believe for the next
release cycle, we should consider being the ones who protect our users
while they decide for themselves, and one way to do that is to make it
easy to have both.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660206
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/0a473532e37c1088a0da68b63cc7a...@secure.spamaps.org
