Posted on 3 Comments

Putting a premium on quality?

I wrote about this in a comment to Tip of the Day — What MySQL Version to Use by Keith Murphy, but I think it’s worthy of a separate post and perhaps a little debate. I’m interested to hear what other community members think of this *now*.

Keith noted that he runs builds by Sun-MySQL, since the various distros are often far behind in terms of the MySQL server version they provide. Commenters noted that Debian does backport security fixes, but sticks with older versions. It’s also the case that Ubuntu actually uses very recent versions.

I feel that generally, security patches are not the main issue for production servers, since they have no direct external exposure (that may be debatable, and please feel free to comment on this!). While security in this type of environment is not completely unimportant, I feel that fixes for functional problems are much more relevant as they directly affect the application. You’d want to make sure your replication is as stable as possible, even if you have not yet been bitten by a problem that others have reported.

Right now, a key factor is that community builds by Sun-MySQL are only periodic, whereas if you want the latest patches you need to subscribe to MySQL Enterprise or get the enterprise builds from elsewhere. Is “speed of patches for production use” something that can be charged for, or should bugfixes be available quickly to all who use the software? An interesting debate.

While you can make a valid case for the former, I currently lean towards the latter. New features are a different issue again, and we can discuss that later. But with bugfixes, it’s not just about providing extra value, it’s about the perceived quality of the overall product and for that the community (and its opinion) is vital. Putting the quality behind a price tag makes this problematic… Is that really added value, or is it charging for something that the community feels should be theirs anyway? Not that the community is always right in what it feels it should be able to get, but in this case I reckon they may have at least a valid point that merits consideration.

What do you think about this? Note that I’m not debating MySQL Enterprise since that offering involves more than just builds, nor possible alternatives to the current Sun-MySQL build policy and revenue model. I’m not obliged to provide an alternative at this stage; if there’s something wrong, it’d be wrong regardless of whether we’ve already come up with an alternative.
So I merely want to look at this one aspect of putting a premium on bugfixes. Please comment! Thanks

3 thoughts on “Putting a premium on quality?”

  1. Sun-MySQL needs to get rid of the Enterprise/Community nightmare. They should release quality builds with much greater frequency than the current community model. I don’t think anything was wrong with the original model and think MySQL should return to it.

    I feel security patches are very important. While ideally all production databases are secured behind a firewall, often it is the case that development databases are not secured well, if at all. Most development databases likely have some sensitive data, and a MySQL vulnerability combined with something else like an OS security escalation vulnerability could open you up to a big intrusion problem. Therefore, IMHO it makes sense to backport security patches, but lots of care has to be taken to ensure that no regressions or side effects are introduced. Personally, I think that it makes more sense to push newer versions of the database as they are released, but this is totally up to the distros.

  2. Except that you can get the binary builds from Dorsal Source, so technically you don’t need to pay to legally get a copy.

    Plus, theoretically it takes more work to build the Community binaries than to not build the Community binaries — in reality I suppose it doesn’t actually take a lot more work, because MySQL has stated that Community binaries aren’t tested as thoroughly.

    The point is, though, that debating on whether or not bugfixes should cost money is not really an issue, because they don’t have to cost money.

    But yeah, there’s no reason MySQL shouldn’t just release the binaries and source code for Enterprise, period. Since they’re really selling their services, why bother pretending to sell Enterprise?

  3. Serious security issues, like the recent one in yaSSL, prompt a rapid new release of both the enterprise (MRU) and community versions of the server, regardless of whether a release is scheduled or not.
