Re: Bug#565308: Will we see MariaDB in Jessie?

On 2013-05-08 06:42, anarcat wrote:
> On 2013-05-06 13:17:47, Patrick Matthäi wrote:
>> But why should it _replace_ MySQL, why not providing it as an
>> alternative MySQL'ish server?
> As others mentioned: Oracle. More precisely, because Oracle has a
> rather rude security policy of not divulging security issues directly
> and publishing a whole new release (as opposed to a patch) when security
> issues are published.
> That regression alone should be indication enough that Oracle doesn't
> care about us, if we needed any reminder.
> We did it for Libreoffice, let's push it a little further.

I have to say that actually the "ship the whole release" paradigm has, thus far, resulted in a single reported regression [1]. This regression was basically "I have something really old and busted that depended on a really broken behavior." Forgive me if I do not sympathize with the user who was not maintaining their software even a little bit (read the bug for details). It is the only mitigating factor in this whole freak show... we can simply ship what Oracle puts out, and at least have a modicum of confidence that it will not cause users too much pain.

I would not say that Oracle doesn't care about Debian MySQL users. I would say that Oracle doesn't care about anybody who is not "showing them the money". MySQL has enough momentum without Wikipedia, Debian, and Fedora using it. They can keep selling it to enterprise customers for years, and their policies will keep them in the green while MySQL slowly fades into obscurity in the open source world. I don't want to detract from the work that a few of their employees (like Norvald Ryeng) are doing to maintain relevance, but it seems clear to me that these are not long term strategic efforts, but rather tactics to control the out-flow of open source users.

Also, it is not just the security policy that has open source users wanting off the crazy train, it is also the contributor agreement. Code from MariaDB can't go into MySQL because the coders for MariaDB are not going to assign copyright/grant license/whatever it is that the Oracle CA requires. So, for instance, when MariaDB fixes a blatant security problem, and publishes the fix, tests, and explanations of it, the Oracle MySQL team is pretty much screwed. They can't really look at the patches, lest they be charged with violating the license by simply copying/pasting using their minds. And they cannot even *talk* about whether or not it is fixed until well after it is fixed. But we can all see the code, so *WE* can talk about it. And when they fix it *wrong*, and those tests which they cannot use show that, we can point and laugh at them.

Oracle's policy is completely nuts from the perspective of open source. I suspect they'll milk MySQL for more cash than any pure open source effort would even dream of. The question we're left with is how best to keep serving Debian users. At the moment, and I believe for the next release cycle, we should consider being the ones who protect our users while they decide for themselves, and one way to do that is to make it easy to have both.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660206
