On Tue, 2012-02-07 at 01:50 -0800, Clint Byrum wrote:
I'm writing to the greater Debian and Ubuntu community to ask for your thoughts on a proposal to drop MySQL in favor of MariaDB. It's clear to me that Oracle is not going to do work in the open, and this will become a huge support burden for Linux distributions. The recent CVEs had to be hunted down and investigated at great difficulty to several people, since the KB articles referenced and the internal Oracle bug numbers referenced were not available.
This will only get harder as the community bug tracker gets further out of sync with the private one.
As a member of the security team, I think Oracle's move to a private bug tracker and not publishing details on the security issues is a disaster for Linux distributions attempting to maintain MySQL. I would support moving to a project that still does development in the open and is not actively trying to hide details of security issues.

Marc.