
Re: [debian-mysql] [Summary] Request for release team decision on MySQL and MariaDB



On Wed, 27 Jan 2016 21:30:09 +0100, Steven Chamberlain <steven@pyro.eu.org> wrote:

And apart from sponsoring Debian packaging work, Oracle seems
conspicuously missing from:
http://debconf16.debconf.org/sponsors.html
http://debconf15.debconf.org/
https://www.debian.org/mirror/sponsors
https://www.freexian.com/en/services/debian-lts.html

I don't want to link discussions of financial sponsorship with the fact that MySQL is in Debian or with the activities in the Debian MySQL maintainer team. Let us please keep those separate. If you want to discuss sponsorship, please let's do so in a completely different thread and on its own merits.

That said, I want to correct a small factual error:

MySQL was a silver sponsor of DebConf15 and is listed as such. I attended the conference and had a great time. In fact, I was the only member of the Debian MySQL maintainer team to attend.

Clint Byrum wrote:
[...] if it were written down somewhere as an actual policy. [...]

Norvald H. Ryeng wrote:
Tell us exactly what you want, in detail. If you don't then I don't
think your position is reasonable.

I don't recognize those words, and it's not in the style I usually express myself. Are you paraphrasing?

Robie Basak wrote:
So please: the security team needs to engage directly with Oracle by
responding to Norvald's email and enumerating exactly what is wrong.

I don't see that Debian has to do that, at all.  Other upstream projects
seem to 'just get it', so Oracle management is really expecting special
treatment.  IMHO I respond to bad dealings with a company by shopping
elsewhere, not helping them improve their business practices.

I'm not management, but no, we're not expecting special treatment. We're asking to know what the requirements that apply to all packages in the archive are. Changing security policies/practices is not done easily, and our users expect stability and predictability in this area. If Debian wants our policies/practice to change, presenting the requirements is the first step.

My job is to gather those requirements and present the complete story to management so that they can make a decision. If I have to go back to management again and again and ask for change because I uncover new requirements, I haven't done my job.

But we got some great news yesterday: the security team is working on a set of guidelines. I'm glad they do, and I look forward to a chance at finally resolving this. I'm optimistic.

Regards,

Norvald H. Ryeng

