[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Future of MariaDB in stretch-lts (was: Re: CVE-2020-15180: MariaDB)

Hi Otto,

On Mon, Nov 02, 2020 at 09:15:32PM +0200, Otto Kekäläinen wrote:
> I don't have any particular plans. I'll keep updating the package for
> as long as upstream provides updates. For 10.1 the updates are indeed
> officially over now: https://mariadb.org/about/#maintenance-policy
> What options do we have anyway? Does the LTS team think they should be
> responsible for providing security updates beyond what upstreams do?

yes, that's what we often do.

> Or are you thinking about providing backports?

or we do this ;)

> During the 10.5 packaging cycle I have tested building backports for
> every commit (see e.g.
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/pipelines/191851).
> The galera-4 dependency is already available in
> stretch-backports-sloppy. If you are interested in backports, that
> could be a viable option.

how compatible are 10.1 and 10.5?

> To decrease the risk of similar situations in the future (or decrease
> the time window for it), I am now putting all my effort into having
> 10.5 in Bullseye so that the official support period is as long as
> possible by using the latest possible upstream version.

nice! thanks for all your work on mariadb!


 ⣾⠁⢠⠒⠀⣿⡁       holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Dance like no one's watching. Encrypt like everyone is.

Attachment: signature.asc
Description: PGP signature

Reply to: