Hi Otto,

 

I wanted to provide some clarification regarding the ownership and modification of the wire protocol.

 

It's crucial to understand that the wire protocol is not solely an interplay between MariaDB Server and MariaDB Connector/C. Instead, it involves a more intricate interaction among existing language drivers, many of which are not affiliated with either MariaDB Corporation or MariaDB Foundation.

 

This distinction is vital because it seems to be frequently overlooked. There are numerous client drivers beyond our direct control, many of which are not C based, and some that may not be favorable to MariaDB (e.g. MySQL Connector/NET). The usage of the MariaDB Connector/C protocol implementation together with our server might be substantially less than that of other popular implementations, such as the PHP MySQL driver.

 

Ownership of the MySQL wire protocol naturally lies with Oracle/MySQL. While MariaDB documents and generally strives to comply with it, there are instances where MariaDB extends the protocol, such as hijacking reserved bits in the handshake packet. Oracle may not officially recognize these extensions; this can lead to conflicts in future versions.

 

It's worth noting that MariaDB protocol extensions are not exclusive to MariaDB Connector/C; they encompass some/most/all MariaDB-aware clients. Client-server protocol enhancements may come from other drivers. For instance, the development of type-info extensions was influenced by the requirements of the MariaDB Node.js driver.

 

Regarding the pull request (https://github.com/mariadb-corporation/mariadb-connector-c/pull/227), I have reservations for several reasons. Firstly, the alleged issues it addresses, which stem from the MySQL protocol, should ideally be brought to MySQL first. If MySQL addresses them, MariaDB will naturally follow suit. All connectors are fixed, everyone benefits. Secondly, I'm sure the importance of the alleged bug and the security dangers of it are overstated. The concern regarding the disclosure of geographical location through the charset byte argument lacks substantial evidence, because 99.99% of clients are either using location-less UTF8 or repeat the charset the server sends in cleartext. Furthermore, the lack of responsiveness from the author to the reviewer's most recent comments, particularly about avoiding protocol modifications, is concerning.

 

Given these considerations, I'd rather not see this PR pushed in its current form. I'm not sure how changing repository location between corporation and foundation will make this PR better.

 

Best regards,

Wlad

 

From: Otto Kekäläinen via developers
Sent: Friday, April 12, 2024 7:02 AM
To: MariaDB developers
Cc: Kaj Arnö; Anna Widenius
Subject: [MariaDB developers] MariaDB/MySQL wire protocol ownership and MariaDB Connector C source code hosting?

 

Hi!

 

The MariaDB wire protocol is an interplay between the MariaDB Server and the MariaDB Connector C. However, only the server is in the MariaDB Foundation's GitHub account at https://github.com/mariadb/server, and the Connector C is in the MariaDB PLC account at https://github.com/mariadb-corporation/mariadb-connector-c.

 

Is there perhaps some plan to hand over the Connector C to the MariaDB Foundation?

 

The reason I am asking is that the connector does not seem equally "true open source" as the server is, making changes that require coordination in both server and connector (e.g. https://github.com/mariadb-corporation/mariadb-connector-c/pull/227) kind of out-of-scope for the MariaDB Foundation, which seems counterproductive.

 

If/when wire protocol changes might be made and changes to both server and libmariadb coordinated in an open "working group" like suggested in https://github.com/MariaDB/server/pull/2684, it might be very challenging for the Foundation or the open source community to drive it if the PLC staff member maintaining the connector does not participate.

 

Also, it seems the PR reviews at https://github.com/mariadb-corporation/mariadb-connector-c/pulls have been stalled since 2022. MariaDB Foundation staff are funded to facilitate reviews, but can't really be *responsible* for reviewing them as long as it is not a Foundation repository and review policies are not owned by the Foundation.

 

It would just make a lot of sense if such a central piece of the MariaDB Server would be in the Foundation's GitHub account. The MariaDB Connector C / libmariadb is already published and distributed by the MariaDB Foundation, so moving the source code hosting over shouldn't be such a big thing, right?

 

- Otto
