Excerpts from Olaf van der Spek's message of Tue Apr 10 10:23:27 -0700 2012: > On Tue, Apr 10, 2012 at 5:59 PM, micah anderson <mi...@riseup.net> wrote: > > I agree. However, the reality is that the security upgrade brought in > > unrelated changes to the security upgrade and caused unrelated software > > to break. > > The problem is that Oracle does not release individual security > updates. So Debian can't provide them (easily) either. >
Right. We're stuck between a rock and a hard place. If somebody wants to produce a patch that fixes this problem, I'd be happy to help get it out to affected users in a subsequent update. But I don't really have the resources to triage and fix this individual issue, and upstream doesn't seem interested in fixing it, so I don't think there's much we can do. I would encourage you to participate in the discussions that are sure to happen in the coming weeks around whether or not it is still appropriate to ship MySQL to Debian users given these problems, and around alternative databases that will continue to provide full disclosure of security vulnerabilities. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
