[vUDS Blueprint 13.10] MongoDB into Ubuntu main

Clint Byrum clint at ubuntu.com
Tue Apr 30 17:38:35 UTC 2013


Excerpts from James Page's message of 2013-04-30 05:22:31 -0700:
> Hi List
> 
> MongoDB is becoming a popular core technology for Ubuntu Server, both in 
> its own right as a scalable, nosql database to support massive data 
> storage, and as a supporting technology for two other key projects; 
> OpenStack Ceilometer and Juju.
> 
> Both Ceilometer and Juju will most likely be included in Ubuntu main for 
> Saucy so I'm proposing that we review MongoDB with the intent of 
> including it in Ubuntu main as well, where it will receive the full 
> attention of the Ubuntu Security Team for security updates and have 
> increased focus from the Ubuntu Server Team for important bug fixes etc...
> 
> For Saucy, this would mean supporting the shipped release of MongoDB 
> (probably 2.4.x) for 9 months; this gets more challenging for 14.04 
> where the support lifetime of the release is 5 years (with at least two 
> years of aggressive security and functional bug fixes to get people to 
> 16.04).   We should apply for a minor release exception from the 
> technical board so we can ship point releases from upstream during the 
> lifetime of 13.10 and 14.04.
> 
> We should also look at improving the support for non-x86 architectures; 
> specifically armhf which will be important for Ubuntu Server in 
> hyperscale ARM server deployments.  This work would be upstreamed where 
> possible.
> 
> I'd also like to see if we can work with 10gen on the MongoDB license to 
> allow us to enable SSL support in MongoDB upstream in Debian (and in 
> other distros). This will allow us to decrease the packaging delta 
> between Ubuntu and Debian.
> 

Just for reference, 10gen has already made it clear in their public bug
tracker that they believe one needs to get in touch with their sales
department if they want a license exception:

https://jira.mongodb.org/browse/SERVER-8886

So, one could argue that the current Ubuntu packages, which do link
mongodb to OpenSSL, are violating the AGPL license. There is of course
the special exception for system libraries, but that requires that one
prove OpenSSL is "a major essential component of the specific operating
system on which the executable work runs". Not a huge stretch, but one
that Debian has been reluctant to make.

Seems like a simple way forward would be to add gnutls support to MongoDB
so that this becomes a non-issue.




More information about the ubuntu-server mailing list