Comment 3 for bug 1768119

All these have a very active security history, it would be good to have an official buy-in from the Security team. They will also benefit from a security review.

I'm concerned by percona-xtrabackup, it does not seem well maintained in Debian, which increases the work for us. It is not up to date in the Ubuntu archive either. There's also a patch for mips assembler, which doesn't fill me with confidence.

percona-xtradb-cluster has had a lot of CVEs in the past. It also seems to be slightly out of date in the Ubuntu archive, and newer versions are not at all in Debian.

libdbd-mysql-perl is in a set of packages that we typically consider to be well-maintained in Debian, which is a good sign. Tests exists and are run at build time, that's good.

Are there any plans, any steps to move away from percona software, which seems to be relatively poorly maintained?