Comment 26 for bug 1427406

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I'm sorry, but I don't see how we can carry these patches in the Ubuntu MySQL packages.

Since Oracle no longer discloses details of their MySQL security vulnerabilities, we have no other choice than to upgrade to their latest upstream version when they publish vulnerability details. This implies that we are relying on their internal testing for each release.

Adding these patches will prevent us from being able to update to a new MySQL version as soon as it is available as the patches will require porting and testing. Diverging from upstream also means we aren't actually running the code that has passed their testing.

On top of that, there is no clear indication these patches will actually end up in the next MySQL version, as there is a contributor agreement issue.

Due to these reasons, I have to object to carrying these patches in Ubuntu.