Re: Is Debian affected by the recent MySQL sql/password.c flow?

To: debian-devel@lists.debian.org
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Is Debian affected by the recent MySQL sql/password.c flow?
From: Thomas Goirand <zigo@debian.org>
Date: Tue, 12 Jun 2012 14:50:34 +0800
Message-id: <[🔎] 4FD6E6BA.8060505@debian.org>
In-reply-to: <[🔎] CAMr=8w7wdcxSiNaRAKgYJMCunbsdaCHULtnYROj4_0B1k4ZnWg@mail.gmail.com>
References: <[🔎] 4FD62E80.20308@goirand.fr> <[🔎] CAMr=8w4Mob-sWJzYGcWbw-QLBhhJf+uMOs+38uQ839BMRA2UEg@mail.gmail.com> <[🔎] 4FD634D8.7050401@debian.org> <[🔎] CAMr=8w6SMB3shwjwMEo_-vURUVzrViigOnbSxf3pGNXPkOQcHA@mail.gmail.com> <[🔎] 4FD63B81.2080800@debian.org> <[🔎] CAMr=8w7wdcxSiNaRAKgYJMCunbsdaCHULtnYROj4_0B1k4ZnWg@mail.gmail.com>

On 06/12/2012 10:25 AM, Aron Xu wrote:
> I'm not expecting to hide anything, but it's harmful to announce the
> world by a discussion in debian-devel that we are affected with no
> solution provided, at the time related people (means the maintainers
> and Security Team, not including the user - like you) haven't said a
> word about it.
>   
If Debian was affected (which it seems it is not), you wouldn't be able
to keep that secret for more than few minutes. You can be 100% sure
that a bunch of hackers would already be playing with your MySQL
server. And this, even before you hear about this.

If  such a disaster happens, then it's better to know asap, so critical
servers can be patched asap too (even before Debian releases or
announces anything). The harm would be to believe not posting in
debian-devel is changing anything.

I agree I should have posted in debian-security@l.d.o though.

Thomas

p.s: Anyway, it seems we're safe this time, even in SID! :)

Reply to:

References:
- Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Aron Xu <happyaron.xu@gmail.com>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Thomas Goirand <zigo@debian.org>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Aron Xu <happyaron.xu@gmail.com>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Thomas Goirand <zigo@debian.org>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Aron Xu <happyaron.xu@gmail.com>

Prev by Date: Re: Handling of changelogs and bin-nmus
Next by Date: Bug#677182: ITP: libguac-client-rdp -- RDP client plugin for Guacamole
Previous by thread: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Next by thread: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Index(es):
- Date
- Thread