LTS report for December 2018

2019-01-03 Thread Lucas Kanashiro
Hi,

In December I was allocated 4h and I spent only 3h of them (I'll catch
up the remaining 1h during January 2019) doing the following:

* ghostscript: Fixed CVE-2018-19134 and CVE-2018-19478. The DLA was
properly sent [1].

* phpmyadmin: Trying to reproduce CVE-2018-19968.

[1] https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html

Kind regards,

-- 
Lucas Kanashiro





Re: MySQL 5.5 EOL before Debian 8 LTS ends

2019-01-03 Thread Jan Ingvoldstad

On 2019-01-03 10:40, Otto Kekäläinen wrote:


> You can always cross-migrate via logical database dumps as .sql files
> instead of in-place binary files.


This is not guaranteed to work, and you need to take special care with 
mysqldump and mysql options for such migration dumps.


For instance, if a table contains datetime entries '0000-00-00
00:00:00', or duplicate primary keys, it's not necessarily trivial to
migrate using the ordinary, safe options for migrating.


--
Cheers,
Jan



Re: MySQL 5.5 EOL before Debian 8 LTS ends

2019-01-03 Thread Emilio Pozuelo Monfort
On 03/01/2019 10:40, Otto Kekäläinen wrote:
> Hello!
> 
> On Thu, 3 Jan 2019 at 3.40, Robie Basak (robie.ba...@canonical.com) wrote:
>>
>> Hi Otto and the LTS team,
>>
>> On Mon, Dec 31, 2018 at 10:50:34AM +0200, Otto Kekäläinen wrote:
>>> I think that *if* it makes sense to engineer some automatic upgrade path in
>>> an LTS release, then it would be to introduce MariaDB 10.1 into Jessie.
>>
>> If this is explicitly opted in to by users then I have no objection.
>>
>> However since the MySQL -> MariaDB crossgrade is not easily reversible
>> (MariaDB modifies the on-disk schema/format), I don't think this is a
>> good idea to do automatically. Users may, on upgrade past Jessie, choose
>> to continue with MySQL coming from a source that isn't Debian stable
>> (eg. by using unstable, directly from upstream, or a change of
>> distribution). Automatically converting their database to not-MySQL
>> would make that difficult, and would be a violation of the stable
>> release promise for those users. I think that affected users would quite
>> rightly be upset about it.
> 
> You can always cross-migrate via logical database dumps as .sql files
> instead of in-place binary files.
> 
> Anyway the big question here is does the LTS team want to go through
> the hassle of doing a version upgrade in a stable release.

The alternative to upgrading to MariaDB 10.1 is to keep supporting 10.0 for the
lifetime of jessie. Obviously I'd prefer if we could do that for stability
reasons, but I'm not sure we can commit to that without upstream's support.

> I've tested that the current mariadb-10.1 version in Stretch also
> builds in Jessie as-is
> (https://salsa.debian.org/mariadb-team/mariadb-10.1/-/jobs), but some
> work should be invested into properly writing gitlab-ci.yml tests and
> automation to ensure there are a minimal amount of surprises if real
> systems go through an upgrade. Anyway, as a first step MariaDB 10.1
> should be put into jessie-backports so that those who want to opt-in
> for such a move right now, could do it. Do we have any contributors
> who would like to help out with this task?

jessie-backports is closed to new uploads[1]. We could put test packages on
people.debian.org and request feedback.

Cheers,
Emilio

[1] https://lists.debian.org/debian-backports-announce/2018/07/msg0.html



Re: MySQL 5.5 EOL before Debian 8 LTS ends

2019-01-03 Thread Otto Kekäläinen
Hello!

On Thu, 3 Jan 2019 at 3.40, Robie Basak (robie.ba...@canonical.com) wrote:
>
> Hi Otto and the LTS team,
>
> On Mon, Dec 31, 2018 at 10:50:34AM +0200, Otto Kekäläinen wrote:
> > I think that *if* it makes sense to engineer some automatic upgrade path in
> > an LTS release, then it would be to introduce MariaDB 10.1 into Jessie.
>
> If this is explicitly opted in to by users then I have no objection.
>
> However since the MySQL -> MariaDB crossgrade is not easily reversible
> (MariaDB modifies the on-disk schema/format), I don't think this is a
> good idea to do automatically. Users may, on upgrade past Jessie, choose
> to continue with MySQL coming from a source that isn't Debian stable
> (eg. by using unstable, directly from upstream, or a change of
> distribution). Automatically converting their database to not-MySQL
> would make that difficult, and would be a violation of the stable
> release promise for those users. I think that affected users would quite
> rightly be upset about it.

You can always cross-migrate via logical database dumps as .sql files
instead of in-place binary files.

Anyway the big question here is does the LTS team want to go through
the hassle of doing a version upgrade in a stable release.

I've tested that the current mariadb-10.1 version in Stretch also
builds in Jessie as-is
(https://salsa.debian.org/mariadb-team/mariadb-10.1/-/jobs), but some
work should be invested into properly writing gitlab-ci.yml tests and
automation to ensure there are a minimal amount of surprises if real
systems go through an upgrade. Anyway, as a first step MariaDB 10.1
should be put into jessie-backports so that those who want to opt-in
for such a move right now, could do it. Do we have any contributors
who would like to help out with this task?