I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for the firstname.lastname@example.org for about ten years, doesn’t make it easier, on the contrary, it only emphasizes changes in the attitude.
Starting from the obvious — somewhat slower response to critical bug fixes, which can be expected, Oracle is a big company, right? Very little information about security vulnerabilities is disclosed, CPUs are carefully stripped from anything that might help to understand the problem, it takes hours to map them to code changes. Heck, even test cases are kept private now. This seriously smells[Read more...]