[ubuntu-hardened] MRE request: mysql-5.5
robie.basak at ubuntu.com
Thu Feb 6 13:31:47 UTC 2014
Application drafted by MySQL upstream:
I would like to apply for a micro release exception for MySQL
- Micro releases happen from low-volume stable branches,
approximately once every two months.
- Stable branches are supported with bug fixes for 8 years.
- Upstream commits are reviewed by members of the MySQL Server
- All commits to stable branches are evaluated wrt. potential
regressions and signed off by the MySQL Support team.
- Unit tests and regression tests are run on multiple platforms per
push to the source code repository. In addition, there are more
extensive test suites run daily and weekly.
- Unit and regression tests are run on both debug and optimized
- Each micro release receives extensive testing between code freeze
and release. This includes the full functional test suite,
performance regression testing, load and stress testing and
compatibility and upgrade testing from previous micro and
- Tests are run on all supported platforms.
- Unit and regression tests are run as part of the package build
process, and the package FTBFS if tests fail.
- Micro releases for MySQL Server 5.1 and 5.5 have routinely been
accepted as security updates since Ubuntu 12.04 without known
Additional notes (by rbasak):
+1 from the Ubuntu Server team. We've been in regular contact with
upstream for a while now, including their attendance at a number of past
vUDSs. I met them last weekend at FOSDEM, and we discussed this
Upstream do not make security patches publicly available, instead
releasing a new stable release each time security updates are required.
Thus, the security team have had no choice but to bump to the latest
release for mysql-5.5 security updates anyway.
So users get a micro release bump that includes bugfixes when there is a
security update, but do not get bugfixes if there is an upstream stable
release that does not include any security updates.
Given that this happens, it is an odd situation that users end up
effectively waiting for a security vulnerability to get any intermediate
An MRE would make the experience for users more consistent.