Pedretti Fabio:
>> * Summary of options and selection status
>>

Hi Robie,

I appreciate your intention. However, I felt it was way too long for a summary and at this point it is still TL;DR for me and I fear I won't have time to read and digest it all.

However, I can certainly understand that you wanted to include all of that. Personally, I can see several points for improvements on the Debian release team's side.

>> My original request for a decision proposed one of the following
>> options, which I think we all agree are the only options available:
>>
> [...]
>

I do not feel the listed options accurately reflect the issues / concerns in play. As *I see it*, these are the options:

 1) Default to MySQL with MariaDB also available /!\
 2) Default to MariaDB with MySQL also available
 3) Only MySQL available, MariaDB removed from testing /!\
 4) Only MariaDB available, MySQL removed from testing.
 5) Further discussion / delayed decision

The options marked with /!\ are de facto *no-go* for me if/given the security team is unwilling to provide security support for MySQL[2].

In summary (again, *from my PoV*):

 * None of the currently available "reasonable options" include status quo (excl. 5).
   - Ergo, I see it as a transition of the default.
 * This is a transition I want early rather than rushed earlier.
   - It can trivially end up taking 6 months of calendar time before it is complete. This is uncomfortably close to the transition deadline.
 * For me, 1, 3 and 5 seem too unreliable / too unlikely that I am convinced we should accept the risks involved in it.
   - While I consider 2 unlikely, it has lower "risk" for me. Notably going from "2" to "4" (and vice versa) is vastly easier than from "1" to "2".

Beyond this, I can certainly appreciate your desire to resolve the situation between the security team and MySQL upstream on CVE disclosures etc.

Thanks,
~Niels

PS: Re: 3)+4) I think it is largely irrelevant for the release team and the security team whether the removal *also* includes unstable. At the very least, it is a secondary concern, so I have decided to omit this distinction.

[1] https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#limited-security-support

[2] Rationale: Missing security support would certainly have to go in the Stretch variant of [1]. That makes for a very bad release to have a default implementation being *without* official security support. Whether the MySQL team can deliver something comparable is a separate debate.