This is the third time MySQL has made an entry into the Oracle Critical Patch Update Advisory service. The first time, we at Team MariaDB came up with an analysis: Oracle’s 27 MySQL security fixes and MariaDB.
Security is important to a DBA. Having vague explanations does no one any good. Even Oracle ACE Director Ronald Bradford chooses to ask some tough questions on this issue. Recently we found a bug in MySQL & MariaDB and did some responsible disclosure as well.
Security is a big deal to distributions shipping MySQL. It comes alongside having a good, accessible bugs system. Recall a discussion a while back about possibly even replacing MySQL with MariaDB (this led to a fun discussion and a long meeting at UDS Oakland to ensure choice).
These discussions always come back. Today on the Debian mailing list, the suggestion popped back up again. I’m sure it will pop up again in October when the next CPU includes some fixes in MySQL…
What is Oracle going to do about this? Will it start being more open (not with a select few folk, but with the wider community)?