Web lists-archives.com

Re: Reducing the attack surface caused by Berkeley DB...

On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
> On 1/26/18 11:39 AM, David Kalnischkies wrote:
> > Finding someone performing the daunting task of actually switching
> > code, documentation and existing databases over on the other hand… I
> > at least don't see me enthusiastically raising my arm crying "let me,
> > let me, …".
> Heh. Neither do I see myself for such a task :)

Open source development does not work by random people on the internet 
telling volunteers in a project what they should do.

Guillem already pointed at a mail thread with the same suggestion
on this same mailing list 4 years ago.

There doesn't seem to be any disagreement on the general idea,
the only thing missing is a person doing the work on getting
all Debian packages ported away from Berkeley DB while ensuring
that users don't lose data due to that.[1]

Since this is something that is important for you,
this is a great opportunity for you to get involved
in Debian development.

If it is not important enough for you to spend your time on it,
then 2022 is the estimated date when the next person will start
a "remove Berkeley DB" discussion on this mailing list...  ;-)

> Thanks,
> Lionel.


[1] it is not clear whether there will have to be one more
    Debian release with Berkeley DB just for upgrades


       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed