Hi, Jeff!
On Jun 12, Jeff Dyke wrote:
> Out of curiosity, why doesn't this release get pulled from
> repositories. I understand all of the rationale behind no tests until
> the bug hits(and agree with it), i've been using mysql since 4.06, or
> 3.x i believe. I've never seen a "use [database]" case a segfault. I
> realize information_schema is special as is performance_schema. This
> is just a question, not a judgement.
Sometimes we do pull releases.
Or we can do an urgent out-of-schedule release.
Or both.
Depends on when the bug was introduced and when it was discovered, how
serious it is (https://mariadb.org/about/security-policy/), how many
users are affected, etc.
If a regression affects lots of users and is discovered within hours
after the release (it happened, may be, only once in 10 years), then we
pull the release from repositories. To reduce the number of users who
would be affected by it.
The first email in this thread came almost a month after 10.3.15
release. At that point it's too late to pull a release - the majority of
10.3.16 users has already installed it. Also it shows that the bug does
not affect that many users, otherwise we would've got reports about it
much earlier.
So, we're doing an out-of-schedule release to fix this embarassing
regression, but not pulling the old release.
Btw, use information_schema; on itself does not cause a segfault, we use
this statement many times in the test suite.
Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org