[debian-mysql] Bug#855936: Bug#850216: mysql-server-5.6: Listens on * by default after installation (related to use of alternatives)

[Otto Kekäläinen]

Hello!

2017-02-23 16:27 GMT+02:00 Robie Basak <robie.basak at ubuntu.com>:
> The rule would be: any package that arranges a /etc/mysql/my.cnf
> symlink, usually via /usr/share/mysql-common/configure-symlinks, MUST
> Provide and Conflict mysql-my-cnf, with the exception of mysql-common.

Sorry for the late reply. I think that the urgent security slip was
already fixed by updating mariadb-10.1 to have the correct conflicts.

I can see the point in introducing a new metapackage to prevent it
from happening again, but then again we already have quite a lot of
virtual and metapackages, and this feels a bit of over-engineering and
I am afraid that while solving the issue it also adds to the stuff we
need to maintain and document etc. Due to backwards compatiblity we
might have to maintain in parallel anyway the direct conflicts plus
the usage of this new metapackage.

Please allow for some more time for me to think about this before
introducing new metapackages.

> This presumably can't go in during the stretch freeze, so is it time to
> branch off in git for stretch across mysql-defaults, mysql-5.7 (maybe
> not needed as it's not in stretch) and mariadb-10.1 as needed, so we can
> start committing changes for post-stretch?

Personally I'd like to focus my time right now on 'stand-by' for
potential issues that might still pop up during the freeze. I didn't
find a nice overview of how many RC bugs there still are for Stretch
or such (mostly browsing https://release.debian.org/), but I assume
the release is near and then we can for sure branch off maintenance
branches.