Hello!
pe 28. jouluk. 2018 klo 9.27 Jan Ingvoldstad
(jan-debian-lts-2...@oyet.no) kirjoitti:
>
> On 2018-12-27 18:51, Lars Tangvald wrote:
>
> > Upgrading to 5.6 would be less risky than MariaDB 10.1, but it's a
> > similar sort of risk.
>
> I don't know what the risk with switching to MariaDB
Hello!
to 3. tammik. 2019 klo 3.40 Robie Basak (robie.ba...@canonical.com) kirjoitti:
>
> Hi Otto and the LTS team,
>
> On Mon, Dec 31, 2018 at 10:50:34AM +0200, Otto Kekäläinen wrote:
> > I think that is *if* makes sense to engineer some automatic upgrade path in
Hello!
ke 19. jouluk. 2018 klo 18.01 Holger Levsen (hol...@layer-acht.org) kirjoitti:
> > Also note that mariadb 10.0 is EOL in three months[2].
>
> I think this rules out mariadb 10.0 as a sensible upgrade path here.
> (Also, switching from mysql to mariadb in an LTS security upload???)
Do we
Hello Debian LTS team!
I think that is *if* makes sense to engineer some automatic upgrade path in
an LTS release, then it would be to introduce MariaDB 10.1 into Jessie.
Upgrading from MySQL 5.5 and MariaDB 10.0 to MariaDB 10.1 is pretty safe,
and the maintenance period of MariaDB 10.1 would
> Thinking about this some more, maybe we could attempt this, backporting
> security
> fixes from MariaDB 10.1 or forward-porting them from MariaDB 5.5 (still
> supported until April 2020). That way we don't force any 10.0 -> 10.1
> migration
> on our users (though MySQL 5.5 users will still
Hello Emilio and anybody else who might at some point upload MariaDB
to jessie-security or stretch-security!
Please use as the starting point the latest version in the MariaDB
team Salsa repos
- mariadb-10.0 branch 'jessie'
- mariadb-10.1 branch 'stretch' (from 2020 onwards LTS)
I have prepared
Hello!
> >> During the 10.5 packaging cycle I have tested building backports for
> >> every commit (see e.g.
> >> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/pipelines/191851).
> >> The galera-4 dependency is already available in
> >> stretch-backports-sloppy. If you are interested in
> But what would be the point? You'd end up with a less-tested version
> of 10.3 compared to regular buster and if people need to move from
> 10.1 to 10.3, they can just as well upgrade to Buster.
>
> So, advise people to upgrade for anyone running the -server packages and
> keep the client-side
Hello!
I don't have any particular plans. I'll keep updating the package for
as long as upstream provides updates. For 10.1 the updates are indeed
officially over now: https://mariadb.org/about/#maintenance-policy
What options do we have anyway? Does the LTS team think they should be
responsible
Hello!
I just realized Emilio represents the LTS team and he already took care of this.
ke 21. lokak. 2020 klo 11.25 Otto Kekäläinen (o...@debian.org) kirjoitti:
>
> Hello Debian LTS team!
>
> Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
> (5.5), Ubuntu Bioni
Hello Debian LTS team!
Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
(5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian
Stretch (10.1), Buster (10.3) and Sid (10.5).
The Debian and Ubuntu security teams have already processed these and
DSA and USN are in the
On Tue, 3 Nov 2020 at 21:02, Holger Levsen wrote:
..
> > What options do we have anyway? Does the LTS team think they should be
> > responsible for providing security updates beyond what upstreams do?
>
> yes, that's what we often do.
Not even MariaDB devs always manage to correctly take patches
Hello!
Are LTS folks aware about the change in libcrypt1 where tt was split
out of libc into a separate package?
Perl needs /lib/x86_64-linux-gnu/libcrypt.so.1 to run, and when it
gets removed Perl immediately stops working, and thus no dpkg command
will proceed anymore [1].
As it breaks dpkg,
Hi!
On Mon, Feb 14, 2022 at 4:04 AM Markus Koschany wrote:
>
> Hello,
>
> Just a heads-up. New CVE have been reported for MariaDB 10.3. It is likely
> that
> 10.1 in Stretch is affected as well. Otto Kekäläinen (maintainer) is currently
> investigating if it is feasibl
Hello LTS team!
Users of Debian LTS are currently affected by a bug that prevents
skipping Debian releases. If skipping a release is not possible in an
upgrade, it makes using LTS kind of moot.
For discoverability, I posted a summary and workaround steps at
Hi Emilio!
Please try pushing now. I don't see any of your commits on
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
yet.
On Sat, 8 Oct 2022 at 16:08, Otto Kekäläinen wrote:
>
> > btw, while importing my changes, I have noticed that I have a bunch of extra
> &
Hi Emilio!
On Sat, 8 Oct 2022 at 16:04, Otto Kekäläinen wrote:
>
> On Fri, 30 Sept 2022 at 04:31, Emilio Pozuelo Monfort
> wrote:
> >
> > On 26/09/2022 05:39, Otto Kekäläinen wrote:
> > > Hello Emilio!
> > >
> > > I see you uploaded:
> &
Hello Emilio!
I see you uploaded:
https://tracker.debian.org/news/1362643/accepted-mariadb-103-110336-0deb10u1-source-into-oldstable/
I don't see the commits at
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster -
please push there to avoid getting the versions out of sync and
On Fri, 30 Sept 2022 at 04:31, Emilio Pozuelo Monfort wrote:
>
> On 26/09/2022 05:39, Otto Kekäläinen wrote:
> > Hello Emilio!
> >
> > I see you uploaded:
> > https://tracker.debian.org/news/1362643/accepted-mariadb-103-110336-0deb10u1-source-into-oldstable/
&
> btw, while importing my changes, I have noticed that I have a bunch of extra
> files in my debian/ dir. Which are neither in git, nor in the 10.3.34 buster
> update. Which is weird, because I based my update on upstream +
> 10.3.34-0+deb10u1. After some investigation, I found that the upstream
On Mon, 5 Dec 2022 at 01:18, Utkarsh Gupta wrote:
>
> Hi Otto,
>
> On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen wrote:
> > I didn't get a reply to this, so asking again.
>
> I could take care of the upload but if you'd like to do that, please
> feel free t
to QA packages before upload to _any_ Debian release?
On Sun, 20 Nov 2022 at 13:50, Otto Kekäläinen wrote:
>
> > > I do however have some challenges that some of the build jobs don't
> > > honor the RELEASE variable. For example Lintian is run with the latest
> > > 2.11
Hi Emilio!
I didn't get a reply to this, so asking again.
On Sun, 20 Nov 2022 at 17:57, Otto Kekäläinen wrote:
>
> Hello Emilio!
>
> MariaDB 1:10.3.37-0+deb10u1 is ready for upload at
> https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
>
> Do
> > I do however have some challenges that some of the build jobs don't
> > honor the RELEASE variable. For example Lintian is run with the latest
> > 2.115 version and not the Bullseye/Buster version, so it leads to
> > failures that are not actual regressions.
>
> Can you briefly clarify what
Hello Emilio!
MariaDB 1:10.3.37-0+deb10u1 is ready for upload at
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster
Do you want to take care of the upload?
Hi!
> > Do you use Salsa-CI (and Lintian v2.115.3) for quality assurance of
> > your packages before uploading to Debian Bullseye or Buster?
>
> Until a few minutes ago, no, I did not test using the latest version
> of Lintian from unstable. Rather, I was using the version in
>
Hi!
I was wondering how common is it for DDs to use Salsa-CI while doing
quality assurance prior to Bullseye and Buster uploads?
I have been using Salsa-CI since many years back, and the MariaDB
releases in Buster and Bullseye were done during the Salsa-CI era, and
I continue to run Salsa-CI for
/salsa-ci-team/pipeline/-/merge_requests/407
I am a bit surprised I seem to be the only one running Salsa-CI when
preparing stable/LTS uploads, this issue must have been making the
pipeline red for everybody building RELEASE=bullseye/buster/stretch.
On Sun, 15 Jan 2023 at 13:25, Otto Kekäläinen wrote
> > On 19/03/2023 23:04, Otto Kekäläinen wrote:
> > > Following up on this topic, I noticed that I can't even manually
> > > override the Lintian image version at the moment as the
> > > Buster/Bullseye/Bookworm tags don't exist at
> > > htt
Hi!
On Mon, 26 Dec 2022 at 14:08, Otto Kekäläinen wrote:
>
> On Mon, 5 Dec 2022 at 01:18, Utkarsh Gupta wrote:
> >
> > Hi Otto,
> >
> > On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen wrote:
> > > I didn't get a reply to this, so asking again.
Hi!
FYI, MariaDB did an extra batch of releases in June. This message is
about 10.3 series.
No MariaDB 10.3.40 did not happen as 10.3 series it out of scope.
However, thinking of cherry-picking 10.4 changes, I did however check
the release notes of 10.4.30. The 3 top issues at
Hi LTS team!
I filed on May 26th this but never got any reply from stable managers:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=103679
It is affected by only one minor CVE-2022-47015. The same CVE was
already fixed in DLA-3444-1 with MariaDB 10.3.39 which was the LTS
until two weeks ago.
Hello!
FYI to avoid duplicate/conflicting work:
MariaDB just released a batch of new security/maintenance releases. I
am working to import 10.3, 10.5 and 10.11 into Debian (and eventually
into Ubuntu).
You can follow progress in real time via git commits showing up at
33 matches
Mail list logo