MRE request: mysql-5.5

Robie Basak robie.basak at ubuntu.com
Thu Feb 6 13:31:47 UTC 2014


Application drafted by MySQL upstream:

I would like to apply for a micro release exception for MySQL
Server.

Upstream:

  - Micro releases happen from low-volume stable branches,
    approximately once every two months.

  - Stable branches are supported with bug fixes for 8 years.

  - Upstream commits are reviewed by members of the MySQL Server
    Engineering team.

  - All commits to stable branches are evaluated wrt. potential
    regressions and signed off by the MySQL Support team.

  - Unit tests and regression tests are run on multiple platforms per
    push to the source code repository. In addition, there are more
    extensive test suites run daily and weekly.

  - Unit and regression tests are run on both debug and optimized
    builds.

  - Each micro release receives extensive testing between code freeze
    and release. This includes the full functional test suite,
    performance regression testing, load and stress testing and
    compatibility and upgrade testing from previous micro and
    minor/major releases.

  - Tests are run on all supported platforms.

In Ubuntu:

  - Unit and regression tests are run as part of the package build
    process, and the package FTBFS if tests fail.

  - Micro releases for MySQL Server 5.1 and 5.5 have routinely been
    accepted as security updates since Ubuntu 12.04 without known
    regressions.

Additional notes (by rbasak):

+1 from the Ubuntu Server team. We've been in regular contact with
upstream for a while now, including their attendance at a number of past
vUDSs. I met them last weekend at FOSDEM, and we discussed this
exception.

Upstream do not make security patches publicly available, instead
releasing a new stable release each time security updates are required.
Thus, the security team have had no choice but to bump to the latest
release for mysql-5.5 security updates anyway.

So users get a micro release bump that includes bugfixes when there is a
security update, but do not get bugfixes if there is an upstream stable
release that do not include any security updates.

Given that this happens, it is an odd situation that users end up
effectively waiting for a security vulnerability to get any intermediate
bugfixes.

An MRE would make the experience for users more consistent.

Thanks,

Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20140206/63a8eb1f/attachment.pgp>


More information about the technical-board mailing list