Hi Otto and Wlad, and everyone who wants protocol security and compatibility,
Let me offer my perspective on this.
Best case: it moves things in the direction of a consensus on what needs to be done.
Worst case: we get clarity and move on to other, more actionable items.
First, as Otto points out, the Connectors are owned by MariaDB plc even if license-wise and community-wise, MariaDB Foundation is their natural habitat. In my personal ideal world, they would move to our GitHub "where they belong". But even if plc saw it the same way, that is a double-edged sword. The Foundation staff is not well equipped to review and merge patches in Connectors, as our expertise is on the Server side and as protocol changes are very tricky (and as far as I am aware, Foundation staff hasn't orchestrated a single one).
Second, there are important security concerns. They were well articulated by Daniel Lenski in the October 2023 MariaDB Unconference. They come on several levels of abstraction, seriousness, and actionability. The most serious one in my mind was the silent de-escalation of an encrypted connection to a non-encrypted one, no warnings given. However, that was fixed in MariaDB 11.4, see "Mission Impossible: Zero-Configuration SSL" (https://mariadb.org/mission-impossible-zero-configuration-ssl/).
Third, there are important compatibility concerns. They are well articulated by Sergei Golubchik and Wlad Vaintroub, in this thread, in Jira, and elsewhere. These concerns also come on several levels of abstraction, seriousness, and "non-actionability" (as compatibility concerns tend to form constraints about what cannot be done). The most serious one in my mind is the need for clients (connectors) to work with most Server versions, including old ones from MySQL. And as stated by Wlad, third-party connectors are not under our direct influence, so we cannot tweak the protocol at will.
Sadly, these three items in combination make it hard for us within the Foundation to move things along, like we usually do within the Server. What we think needs to be done is to identify a meaningful way to achieve a reasonable combination of security and compatibility.
Neither security nor compatibility is an absolute, black-and-white entity. We don't want to compromise on security, but we also do want to work – at least to some degree – with the MySQL protocol. We do want newer Connectors to work with older versions (even of MySQL), but we also don't want to silently disable SSL for users who explicitly turn it on. Happily, starting with 11.4, we no longer do so.
I've asked Vicentiu Ciorbaru about his take. His answer: "There have been discussions back and forth about various approaches, but neither side really made any clear hints as to what would be an acceptable compromise."
My take: Having a "Security Side" and a "Compatibility Side" feels strange, as I see Sergei Golubchik and Wlad Vaintroub as generally very strong security proponents, and I don't think Otto Kekäläinen or Daniel Lenski have any reason to ignore the constraints posed by compatibility.
I first thought about creating a Connector "strain" that implements better security, at some cost to compatibility. We would thus have several strains, in parallel – in the biology sense of the word strain. One would be a pure "Safe MariaDB Connector" that works only with MariaDB Server, starting from some version. But I am unsure whether such a "Tasmanian Solution" would in any way be meaningful, as it would be an isolated island in the overall ecosystem, only part of which is under MariaDB Foundation influence.
Meanwhile, normal work on accepting and rejecting individual pull requests will continue. That will happen on technical merit, and my possibility to contribute is limited. But if anyone sees systemic issues or solutions, I'm happy to stay involved.
Kaj
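The "silent de-escalation" Kaj refers to above is decided at the very first packet of a MySQL/MariaDB session: the server's HandshakeV10 advertises a CLIENT_SSL capability bit, and a client that merely "prefers" TLS falls back to plaintext when the bit is absent. Since that handshake is sent before any encryption or authentication, an on-path attacker can simply clear the bit. The script below is an added illustration, not part of Kaj's message and not code from any MariaDB connector: it builds a constructed (not captured) HandshakeV10 packet, parses the capability flags, shows the bit being stripped in transit, and contrasts a downgradeable "preferred" policy with a "required" policy that fails closed. The policy names `disabled`/`preferred`/`required` and the helper names are assumptions for this example, not the options of any specific connector.

```python
"""Parse the MySQL/MariaDB HandshakeV10 capability flags and decide whether a
TLS downgrade is tolerated.  Example code, not a MariaDB connector's own logic."""
import struct

CLIENT_PROTOCOL_41 = 0x0200   # server speaks the 4.1+ protocol (upper flags present)
CLIENT_SSL = 0x0800           # server accepts an SSLRequest packet before login


def build_handshake_v10(server_version: bytes, capabilities: int, thread_id: int = 7) -> bytes:
    """Construct a minimal Protocol::HandshakeV10 packet (sample data, not a real capture)."""
    body = b"\x0a"                                     # protocol version 10
    body += server_version + b"\x00"                   # NUL-terminated server version
    body += struct.pack("<I", thread_id)               # connection id
    body += b"A" * 8 + b"\x00"                         # auth-plugin-data part 1 + filler
    body += struct.pack("<H", capabilities & 0xFFFF)   # capability flags, lower 16 bits
    body += b"\x2d"                                    # character set (utf8mb4)
    body += struct.pack("<H", 0x0002)                  # status flags (SERVER_STATUS_AUTOCOMMIT)
    body += struct.pack("<H", capabilities >> 16)      # capability flags, upper 16 bits
    body += b"\x15"                                    # auth-plugin-data length (21)
    body += b"\x00" * 10                               # reserved
    body += b"B" * 12 + b"\x00"                        # auth-plugin-data part 2 (13 bytes)
    body += b"mysql_native_password\x00"               # auth plugin name
    # 4-byte packet header: 3-byte little-endian payload length + sequence id 0
    return struct.pack("<I", len(body))[:3] + b"\x00" + body


def _lower_caps_offset(packet: bytes) -> int:
    """Offset of the lower capability flags inside a full packet (header included)."""
    if packet[4] != 0x0a:
        raise ValueError("not a HandshakeV10 packet")
    version_end = packet.index(b"\x00", 5)             # NUL ending server_version
    return version_end + 1 + 4 + 8 + 1                 # skip thread_id, auth data, filler


def parse_capabilities(packet: bytes) -> int:
    """Return the server's 32-bit capability flags."""
    pos = _lower_caps_offset(packet)
    lower = struct.unpack_from("<H", packet, pos)[0]
    if not lower & CLIENT_PROTOCOL_41:
        return lower                                   # pre-4.1 servers send only 16 bits
    upper = struct.unpack_from("<H", packet, pos + 5)[0]   # after charset(1) + status(2)
    return (upper << 16) | lower


def strip_ssl_capability(packet: bytes) -> bytes:
    """Simulate an on-path attacker clearing CLIENT_SSL: nothing authenticates the handshake."""
    pkt = bytearray(packet)
    pos = _lower_caps_offset(pkt)
    lower = struct.unpack_from("<H", pkt, pos)[0]
    struct.pack_into("<H", pkt, pos, lower & ~CLIENT_SSL)
    return bytes(pkt)


def decide_transport(packet: bytes, ssl_mode: str) -> str:
    """Return 'tls' or 'plain'; raise when the user demanded TLS and the server lacks it.

    ssl_mode is a hypothetical client setting: 'disabled', 'preferred' or 'required'.
    """
    server_has_tls = bool(parse_capabilities(packet) & CLIENT_SSL)
    if ssl_mode == "disabled":
        return "plain"
    if server_has_tls:
        return "tls"
    if ssl_mode == "preferred":
        return "plain"    # the silent downgrade criticised in the thread: no error, no warning
    if ssl_mode == "required":
        raise ConnectionError("TLS required by the client but not offered by the server")
    raise ValueError(f"unknown ssl_mode {ssl_mode!r}")


if __name__ == "__main__":
    genuine = build_handshake_v10(b"11.4.2-MariaDB", CLIENT_PROTOCOL_41 | CLIENT_SSL)
    tampered = strip_ssl_capability(genuine)
    print("genuine  caps=0x%08x" % parse_capabilities(genuine), decide_transport(genuine, "preferred"))
    print("tampered caps=0x%08x" % parse_capabilities(tampered), decide_transport(tampered, "preferred"))
    try:
        decide_transport(tampered, "required")
    except ConnectionError as exc:
        print("tampered, required:", exc)
```

The point the example makes concrete is that "preferred" is not a weaker form of "required" but a different guarantee: because the capability bit travels in cleartext before any key exchange, an attacker who can rewrite one packet turns every "preferred" client into a plaintext client, and the user who set `ssl=true` never learns of it unless the connector fails closed as in the `required` branch.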