Posted on 20/7/2012, 3:25 pm, by Colin Charles, under
MariaDB,
MySQL.
This is the third time MySQL has made an entry into the Oracle Critical Patch Update Advisory service. The first time, we at Team MariaDB came up with an analysis: Oracle’s 27 MySQL security fixes and MariaDB.
Security is important to a DBA. Having vague explanations does no one any good. Even Oracle ACE Director Ronald Bradford chooses to ask some tough questions on this issue. Recently we found a bug in MySQL & MariaDB and did some responsible disclosure as well.
Security is a big deal to distributions shipping MySQL. It comes alongside having a good, accessible bugs system. Recall a discussion a while back about possibly even replacing MySQL with MariaDB (this led to a fun discussion and a long meeting at UDS Oakland to ensure choice).
These discussions always come back. Today on the Debian mailing list, the suggestion popped back up again. I’m sure it will pop up again in October when the next CPU includes some fixes in MySQL…
What is Oracle going to do about this? Will it start being more open (not with a select few folk, but with the wider community)?
Posted on 22/7/2008, 6:58 pm, by Colin Charles, under
MySQL.
I don’t know about “me too” types of bug replies, but before everyone goes to the bug database and starts saying “me too”, “this affects me”, “please fix this ASAP”, “I won’t use MySQL 5.1 till this is fixed”, I wonder if this will cause more harm (i.e. more bug spam for the developer, and all those subscribed to it) than good.
It seems like the public Worklog interface gets this right – via voting. Having a count of those that have the same problems, even displayed via “stars”, is a much better interface, and shows urgency a lot better than “me too” posts.
Take one of my favourite worklogs – WL#148 (to implement engine independent foreign keys). Not only can you tag it, you can also comment on it (like a bug report), you can subscribe to it (watch it) and in the event you felt like a “me too”, you just login, and vote!
Lots of bug tracking systems have voting. I remember this being implemented on the OpenOffice.org system (IssueZilla) a few years back, and its definitely proven to be useful. Maybe this is a feature request, for our bugs system?
