(removing Jonathan specifically; the debian-release ML should be sufficient as this is for the release team generally now)
On Mon, Dec 14, 2015 at 05:45:24PM +0000, Robie Basak wrote: > Can I ask that this request (for the release team to make a decision > between the choices I outlined[1]) be tabled again at the IRC meeting I > understand will be taking place this Wednesday? Please let me know if > there's anything I can do to help you make a decision on this. Following up, here's a summary of the outcome from the meeting yesterday. There is also a full log[1] and the previous meeting[2] from 23 September is also relevant. I asked for specific actionable items, as I didn't see we can reasonably be expected to address anything that hasn't been enumerated. Nobody was able to provide a link to any record of a specific list of problems having been given to us (pkg-mysql-maint) before. I appreciate that noises have been made previously; I just don't think that we have had been given specific addressable items until now. Here are the enumerated concerns of the release team for MySQL in Debian given to us in yesterday's meeting: 20:12:37 <pochu> 1- mysql isn't maintained in jessie 20:12:56 <pochu> 2- no disclosure of security issues w/ patches 20:13:13 <pochu> 3- we have two forks of the same codebase 20:13:39 <pochu> 4- point releases can contain anything Nobody could think of anything else. Since we can only address problems that we have been told about, I said I'd pass these on for a response and we agreed that a response would be provided by 16 Jan. I asked that the release team reply to this email to record anything else that they might think of later. I don't think it's reasonable to expect us to address anything else unless it has specifically been pointed out in this way. Item 3 is clearly out of the hands of MySQL upstream. I asked if MySQL in Debian was still at risk even if 1, 2 and 4 were resolved to the release team's satisfaction because of 3. The release team were unable to commit to an answer to this question, but did say that failure to address them was grounds to pick MariaDB and remove MySQL. I took an action to communicate these four points with MySQL upstream. I have now done so. They (like me) are now on holiday until 2016 and will respond in early January. I would also like to point out that there was an action on the release team from the meeting of 23 September to initiate the discussion between the security team and MySQL upstream on the security-related concerns, and this never happened. Upstream had been waiting on that to happen. As they're now on holiday I think we'd best get that conversation going when they're back in January. I'd like to thank the release team for spending the time with me yesterday. I feel that the outcome was productive and I look forward to getting this matter resolved soon. Robie [1] http://meetbot.debian.net/debian-release/2015/debian-release.2015-12-16-19.22.log.html [2] http://meetbot.debian.net/debian-release/2015/debian-release.2015-09-23-17.59.log.html
signature.asc
Description: Digital signature
