Hi Otto and Wlad, and everyone who wants protocol security and compatibility,

Let me offer my perspective on this.

Best case: it moves things in the direction of a consensus on what needs to be done.

Worst case: we get clarity and move on to other, more actionable items.

First, as Otto points out, the Connectors are owned by MariaDB plc even if license-wise and community-wise, MariaDB Foundation is their natural habitat. In my personal ideal world, they would move to our Github "where they belong". But even if plc saw it the same way, that is a double-edged sword. The Foundation staff is not well equipped to review and merge patches in Connectors, as our expertise is on the Server side and as protocol changes are very tricky (and as far as I am aware, Foundation staff hasn't orchestrated a single one).

Second, there are important security concerns. They were well articulated by Daniel Lenski in the October 2023 MariaDB Unconference. They come on several levels of abstraction, seriousness, and actionability. The most serious one in my mind was the silent de-escalation of an encrypted connection to a non-encrypted one, no warnings given. However, that was fixed in MariaDB 11.4, see "Mission Impossible: Zero-Configuration SSL" https://mariadb.org/mission-impossible-zero-configuration-ssl/).

Third, there are important compatibility concerns. They are well articulated by Sergei Golubchik and Wlad Vaintroub, in this thread, in Jira, and elsewhere. These concerns also come on several levels of abstraction, seriousness, and "non-actionability" (as compatibility concerns tend to form constraints about what cannot be one). The most serious one in my mind is the need for clients (connectors) to work with most Server versions, including old ones from MySQL. And as stated by Wlad, third-party connectors are not under our direct influence, so we cannot tweak the protocol at will.

Sadly, these three items in combination make it hard for us within the Foundation to move things along, like we usually do within the Server. What we think needs to be done is to identify a meaningful way to achieve a reasonable combination of security and compatibility.

Neither security nor compatibility are absolute, black-and-white entities. We don't want to compromise on security, but we also do want to work – at least to some degree – with the MySQL protocol. We do want newer Connectors to work with older versions (even of MySQL), but we also don't want to silently disable SSL for users who explicitly turn it on. Happily, starting 11.4, we no longer do so.

I've asked Vicentiu Ciorbaru about his take. His answer: "There have been discussions back and forth about various approaches, but neither side really made any clear hints as to what would be an acceptable compromise."

My take: Having a "Security Side" and a "Compatibility Side" feels strange, as I see Sergei Golubchik and Wlad Vaintroub as generally very strong security proponents, and I don't think Otto Kekäläinen or Daniel Lensky have any reason to ignore the constraints posed by compatibility.

I first thought about creating a Connector "strain" that implements better security, at some cost to compatibility. We would thus have several strains, in parallel – in the biology sense of the word strain. One would be a pure "Safe MariaDB Connector" that works only with MariaDB Server, starting from some version. But I am unsure whether such a "Tasmanian Solution" would in any way be meaningful, as it would be an isolated island in the overall ecosystem, only part of which is under MariaDB Foundation influence.

Meanwhile, normal work on accepting and rejecting individual pull requests will continue. That will happen on technical merit, and my possibility to contribute is limited. But if anyone sees systemic issues or solutions, I'm happy to stay involved.

Kaj
--
Kaj Arnö, CEO

MariaDB Foundation | @mariadb_org | @kajarno


Den fre 12 apr. 2024 kl 08:02 skrev Otto Kekäläinen <otto@kekalainen.net>:
Hi!

The MariaDB wire protocol is an interplay between the MariaDB Server
and the MariaDB Connector C. However, only the server is in the
MariaDB Foundation's GitHub account at
https://github.com/mariadb/server, and the Connector C is in the
MariaDB PLC account at
https://github.com/mariadb-corporation/mariadb-connector-c.

Is there perhaps some plan to hand over the Connector C to the MariaDB
Foundation?

The reason I am asking is that the connector does not seem equally
"true open source" as the server is, making changes that require
coordination in both server and connector (e.g.
https://github.com/mariadb-corporation/mariadb-connector-c/pull/227)
kind of out-of-scope for the MariaDB Foundation, which seems
counterproductive.

If/when wire protocol changes might be made and changes to both server
and libmariadb coordinated in an open "working group" like suggested
in https://github.com/MariaDB/server/pull/2684, it might be very
challenging for the Foundation or the open source community to drive
it if the PLC staff member maintaining the connector does not
participate.

Also, seems the PR reviews at
https://github.com/mariadb-corporation/mariadb-connector-c/pulls have
been stalled since 2022. MariaDB Foundation staff are funded to
facilitate reviews, but can't really be *responsible* for reviewing
them as long as it is not a Foundation repository and review policies
are not owned by the Foundation.

It would just make a lot of sense if such a central piece of the
MariaDB Server would be in the Foundation's GitHub account. The
MariaDB Connector C / libmaraidb is already published and distributed
by the MariadB Foundation, so moving the source code hosting over
shouldn't big such a big thing, right?

- Otto


--
Kaj Arnö, CEO

MariaDB Foundation | @mariadb_org | +358-45-1589296 | @kajarno