Hi, Jeff! On Jun 12, Jeff Dyke wrote:
Out of curiosity, why doesn't this release get pulled from repositories. I understand all of the rationale behind no tests until the bug hits(and agree with it), i've been using mysql since 4.06, or 3.x i believe. I've never seen a "use [database]" case a segfault. I realize information_schema is special as is performance_schema. This is just a question, not a judgement.
Sometimes we do pull releases. Or we can do an urgent out-of-schedule release. Or both. Depends on when the bug was introduced and when it was discovered, how serious it is (https://mariadb.org/about/security-policy/), how many users are affected, etc. If a regression affects lots of users and is discovered within hours after the release (it happened, may be, only once in 10 years), then we pull the release from repositories. To reduce the number of users who would be affected by it. The first email in this thread came almost a month after 10.3.15 release. At that point it's too late to pull a release - the majority of 10.3.16 users has already installed it. Also it shows that the bug does not affect that many users, otherwise we would've got reports about it much earlier. So, we're doing an out-of-schedule release to fix this embarassing regression, but not pulling the old release. Btw, use information_schema; on itself does not cause a segfault, we use this statement many times in the test suite. Regards, Sergei Chief Architect MariaDB and security@mariadb.org