maria-discuss team mailing list archive

[Jeff Dyke <jeff.dyke@xxxxxxxxx>]

Thank you for the detailed response, much appreciated.  I may have done
something else or had database corruption on a test box b/c when i changed
in the basic mysql client, that occured.  Though i'm not going to stand
behind that as an absolute b/c that test machine has already been destroyed.

Best,
Jeff


On Thu, Jun 13, 2019 at 6:06 AM Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

> Hi, Jeff!
>
> On Jun 12, Jeff Dyke wrote:
> > Out of curiosity, why doesn't this release get pulled from
> > repositories.  I understand all of the rationale behind no tests until
> > the bug hits(and agree with it), i've been using mysql since 4.06, or
> > 3.x i believe.  I've never seen a "use [database]" case a segfault.  I
> > realize information_schema is special as is performance_schema.  This
> > is just a question, not a judgement.
>
> Sometimes we do pull releases.
> Or we can do an urgent out-of-schedule release.
> Or both.
>
> Depends on when the bug was introduced and when it was discovered, how
> serious it is (https://mariadb.org/about/security-policy/), how many
> users are affected, etc.
>
> If a regression affects lots of users and is discovered within hours
> after the release (it happened, may be, only once in 10 years), then we
> pull the release from repositories. To reduce the number of users who
> would be affected by it.
>
> The first email in this thread came almost a month after 10.3.15
> release. At that point it's too late to pull a release - the majority of
> 10.3.16 users has already installed it. Also it shows that the bug does
> not affect that many users, otherwise we would've got reports about it
> much earlier.
>
> So, we're doing an out-of-schedule release to fix this embarassing
> regression, but not pulling the old release.
>
> Btw, use information_schema; on itself does not cause a segfault, we use
> this statement many times in the test suite.
>
> Regards,
> Sergei
> Chief Architect MariaDB
> and security@xxxxxxxxxxx
>