Re: Future of MariaDB in stretch-lts (was: Re: CVE-2020-15180: MariaDB)
I don't have any particular plans. I'll keep updating the package for
as long as upstream provides updates. For 10.1 the updates are indeed
officially over now: https://mariadb.org/about/#maintenance-policy
What options do we have anyway? Does the LTS team think they should be
responsible for providing security updates beyond what upstreams do?
Or are you thinking about providing backports?
During the 10.5 packaging cycle I have tested building backports for
every commit (see e.g.
The galera-4 dependency is already available in
stretch-backports-sloppy. If you are interested in backports, that
could be a viable option.
To decrease the risk of similar situations in the future (or decrease
the time window for it), I am now putting all my effort into having
10.5 in Bullseye so that the official support period is as long as
possible by using the latest possible upstream version.