Hi, Daniel! On Dec 02, Daniel Black wrote:
Thanks for the latest releases with security fixes.
While I appreciate that all of the development of these security fixes was in public (without mentioning it was a security fix - well at least the remote code exec), I'm wondering if security releases could occur on a weekday where sysadmins need not forsake part of their weekend to correct a public vulnerability. Just my thoughts and preferences. I appreciate others may consider things different.
Yes, I agree. And I'm sorry for this. The release was delayed, because it was our first "a" release (with a letter in the version), and neither packaging nor publishing system wasn't quite ready for that. Normally we try to release early in the week. On the other hand, after we released fixed binaries, there was a public disclosure of this vulnerability on the various security mailing lists, accompanied with an exploit. Apparently, it was found independently, and almost at the same time. Had we waited with our release till Monday, our users wouldn't have a fixed version, when the exploit went public.
It also appears that the fedora 17 mariadb galera updates are only partially pushed. Maybe its just my setup after switching from non-galera repo.
Probably, yes. Next week we're going to do the next MariaDB-Galera release, and then we remove "galera repo". We will have one repository both with galera and non-galera packages. Regards, Sergei