Thank you for the detailed response, much appreciated. I may have done something else or had database corruption on a test box b/c when i changed in the basic mysql client, that occured. Though i'm not going to stand behind that as an absolute b/c that test machine has already been destroyed. Best, Jeff On Thu, Jun 13, 2019 at 6:06 AM Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Jeff!
On Jun 12, Jeff Dyke wrote:
Out of curiosity, why doesn't this release get pulled from repositories. I understand all of the rationale behind no tests until the bug hits(and agree with it), i've been using mysql since 4.06, or 3.x i believe. I've never seen a "use [database]" case a segfault. I realize information_schema is special as is performance_schema. This is just a question, not a judgement.
Sometimes we do pull releases. Or we can do an urgent out-of-schedule release. Or both.
Depends on when the bug was introduced and when it was discovered, how serious it is (https://mariadb.org/about/security-policy/), how many users are affected, etc.
If a regression affects lots of users and is discovered within hours after the release (it happened, may be, only once in 10 years), then we pull the release from repositories. To reduce the number of users who would be affected by it.
The first email in this thread came almost a month after 10.3.15 release. At that point it's too late to pull a release - the majority of 10.3.16 users has already installed it. Also it shows that the bug does not affect that many users, otherwise we would've got reports about it much earlier.
So, we're doing an out-of-schedule release to fix this embarassing regression, but not pulling the old release.
Btw, use information_schema; on itself does not cause a segfault, we use this statement many times in the test suite.
Regards, Sergei Chief Architect MariaDB and security@mariadb.org