
Re: [SECURITY] [DLA 359-1] MySQL 5.5 packages added; end of support for MySQL 5.1



Hi Santiago,

On Wednesday, 16 December 2015, Santiago Ruano Rincón wrote:
> mysql-client and mysql-server are empty packages that depend on the
> actual client and server packages. We needed to bump them, or to be more
> precise, to not drop them from the mysql-5.5 source package, so they can
> depend on the mysql-*-5.1 OR mysql-*-5.5 packages.

ah. the "OR mysql-*5.1" part got lost.
 
> Package: mysql-server
> Source: mysql-5.5
> Version: 5.5.46-0+deb6u1
> ...
> Depends: mysql-server-5.1 | mysql-server-5.5

leaving this quote here for the benefit of some people bcc:ed ;-)
 
> So the mysql server and client shall not be upgraded automatically.

right. and good.

> Sorry if the DLA is not clear enough about this.

I've just re-read the DLA again and indeed the only time it speaks about 5.1 
is about it probably suffering vulnerabilities. The DLA totally omits the 
OR-relationship and its consequences.

I'm not sure this demands an update of the DLA, but I certainly think it would 
justify one. Let's see how much more feedback this gets and let's keep this in 
mind for future DLAs about similar upgrades.


And for those following at home: do upgrade to 5.5! "MySQL 5.1 likely
suffers from multiple vulnerabilities" is a very conservative statement.
(I've just asked what I asked for two reasons: a.) to be able to just apply 
all LTS updates now easily and do the 5.5 upgrade when timing permits and b.) 
to improve future DLAs.)


cheers,
	Holger
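
Added example, not part of the original message or of Debian's tooling: a Python sketch that parses the quoted `Depends: mysql-server-5.1 | mysql-server-5.5` field and flags a host where the OR-group is satisfied only by the end-of-support 5.1 package, which is the state a host stays in after applying the update without switching to 5.5. The function names, the `UNSUPPORTED` set and the sample hosts are assumptions constructed for illustration.

```python
"""Flag hosts where an OR-dependency is satisfied only by an unsupported package."""

# Control stanza as quoted in the message above (the elided "..." line is omitted).
STANZA = """\
Package: mysql-server
Source: mysql-5.5
Version: 5.5.46-0+deb6u1
Depends: mysql-server-5.1 | mysql-server-5.5
"""

# Assumption for this example: the 5.1 packages are the end-of-support ones.
UNSUPPORTED = {"mysql-server-5.1", "mysql-client-5.1"}


def parse_depends(stanza):
    """Return Depends as a list of OR-groups, e.g. [["a", "b"], ["c"]]."""
    for line in stanza.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "depends":
            groups = []
            for clause in value.split(","):
                # Drop version constraints "(>= 1.0)" and arch qualifiers ":any".
                alts = [a.split("(")[0].split(":")[0].strip() for a in clause.split("|")]
                groups.append([a for a in alts if a])
            return [g for g in groups if g]
    return []


def classify(stanza, installed):
    """Classify each OR-group: 'unsatisfied', 'supported' or 'unsupported-only'."""
    result = {}
    for group in parse_depends(stanza):
        present = [p for p in group if p in installed]
        if not present:
            status = "unsatisfied"
        elif all(p in UNSUPPORTED for p in present):
            status = "unsupported-only"
        else:
            status = "supported"
        result[" | ".join(group)] = status
    return result


if __name__ == "__main__":
    # Constructed sample hosts: installed package names only.
    for host, pkgs in {"db-old": {"mysql-server", "mysql-server-5.1"},
                       "db-new": {"mysql-server", "mysql-server-5.5"}}.items():
        print(host, classify(STANZA, pkgs))
```
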
