Hi,

On Tuesday, 26 January 2016, Steven Chamberlain wrote:
[...other valid points not quoted here…]
> Assuming MariaDB is affected by the same issues, I may not be in a
> technically better situation if I switched to using that. (Although, it
> seems one of the recent CVEs did not affect MariaDB?). But I look at
> their public bug dashboard as a model of how open I want development to
> happen, and it makes me _feel_ more comfortable and optimistic in that
> project already.

Steven, thanks for wording this (all of it, also the non-quoted parts) much better than I care to do.

As I said on IRC on #debian-release:

* | h01ger is tempted to reply "tl;dr; - mysql is the db with the NDA from oracle, mariadb is the free fork shipped everywhere - without NDAs and without a history of screwing free software, so let's EOT here" to the recent mail in that thread…

- I know this is somewhat too simplified, e.g. I do acknowledge and hope that Oracle can do better than "screwing free software", but… *they* need to show this *by themselves*.

Yet when I read this in Robie's mail: "It is not reasonable for S to expect U[MySQL] to change their policy in order to meet a goal if S refuse to tell U[MySQL] how success against that goal will be measured." I have little hope + motivation to explain this better - CVE is a public database.

So, another summary: there's a software from a company with NDAs (which have been applied to the question at hand, no less) and "a history of screwing free software" and there's a project to reuse the same codebase (and then build on it) to not do that.

Also, I wonder why https://en.wikipedia.org/wiki/MariaDB#Prominent_users … ;-)

cheers,
Holger