On Thu, 12 Jan 2017 22:38:19 +0100
Kristian Nielsen <kniel...@knielsen-hq.org> wrote:
> "Norvald H. Ryeng" <norvald.ry...@oracle.com> writes:
> > The transition is being executed by the release team and the MariaDB
> > maintainers. Please keep the MySQL maintainers out of it. Our
> > packages are being removed from stretch against our will, and
> > despite our huge effort to make MySQL and MariaDB coexist and our
> > efforts to fulfill all demands from the release and security
> > teams.
> That's ridiculous. MySQL upstream has for years been deliberately
> forging the git repo, removing information about security fixes. The
> mysql test suite is an integrated part of the source, and stripping
> part of it in source releases is completely anti-free software.
> Knowing Debian's strong position on Free Software, no-one can
> possibly be surprised that this is met with strong resistance, and a
> search for alternatives.

That has not been brought up as a reason for kicking MySQL out of
stretch. The only reason given by the security team is that there is
no public mapping between CVE IDs and patches/commits. All other
requirements have been met.

The security team claims this is a requirement for all software in
Debian. It's not hard to find other examples of software in Debian that
doesn't fulfill this requirement. However, MySQL is the only package
removed because of it.

Other software where I can't find a public mapping between CVE IDs and
patches/commits includes projects such as Firefox and MariaDB.

Norvald H. Ryeng