25 Nov 2024 |
emily | (and it's keeping alive e.g. jxrlib which is itself in a poor maintenance state and which Debian applies a pile of patches to for worrying-looking UB…) | 09:18:54 |
emily | I think it's safe to say upstream is not going to suddenly fix all those CVEs. I see some downstream forks that purport to try and do so but they don't fill me with confidence | 09:19:26 |
tgerbet | Yes it is kinda in my list but I'm quite behind things at the moment and the last time I looked at it, it did not seem like a quick adventure 🥲
Some of the consumers might not need it anymore like `kew` once they are upgraded to the latest version | 09:29:03 |
emily | oh I mean I don't mind doing it if we want to do it – it's in the way of other stuff | 09:29:57 |
emily | (colmap uses an old Boost and jxrlib needs patching for GCC 14) | 09:30:11 |
emily | kew already doesn't use it | 09:30:16 |
emily | AFAICT the stuff we lose that seems like anyone might care about it is some Deepin apps we don't install by default precisely because of FreeImage, and TrenchBroom | 09:30:46 |
emily | ok, and https://slade.mancubus.net/index.php?page=news which I guess is another (related?) level editor | 09:31:49 |
emily | oh sorry you're right kew does still use it. ripgrep failure | 09:32:10 |
emily | and indeed it seems to have dropped the dep | 09:32:34 |
26 Nov 2024 |
SigmaSquadron | hexa: Mind if I DM you for discussing a Security Team matter? | 01:28:27 |
hexa | sure | 01:28:58 |
28 Nov 2024 |
emily | tgerbet: do you actually care about MySQL 8.0 or do you just update it as harm reduction because nobody else is? | 08:56:28 |
emily | I notice that the Percona Server fork seems to be on a version that presumably has the trillion CVEs from the last couple MySQL bumps 🥴 | 08:57:48 |
tgerbet | Option 2: I do not care that much but it is used so I do it 🥲 | 08:58:30 |
tgerbet | Ah yeah Percona… I will take a look, their releases are delayed after MySQL upgrades so it is easy to forget especially since the CVEs are not mapped to match it | 09:00:50 |
emily | ah, I wasn't prompting you to update it. | 09:01:21 |
emily | well, I mean, it probably should be updated if anyone's using it | 09:01:34 |
ma27 | In reply to @emilazy:matrix.org: "I notice that the Percona Server fork seems to be on a version that presumably has the trillion CVEs from the last couple MySQL bumps 🥴" osnyx (he/him) fyi ^ | 09:01:42 |
emily | but they're causing me pain on staging so I was trying to figure out if people actually care. | 09:01:44 |
emily | to which I guess the answer is "sadly, yes" :) | 09:01:52 |
emily | I think GCC 14 might break them. I'm double-checking now because I have other stuff piled on top that could be breaking them too. | 09:02:13 |
osnyx (he/him) | Both MySQL as well as Percona 8.0 are still LTS-supported, so people tend to still use them. | 09:05:27 |
emily | right. I was just wondering since it seemed like nobody had packaged any of the later versions of MySQL (but I guess few are picking MySQL for anything greenfield) | 09:05:57 |