Fix Version/s: None
When building mariadbclient, cmake identifies libz from a different Python installation than the one set up to run the stack. I have an anaconda installation on the disk, and a miniconda installation set up specifically for the lsst stack. During the build process, CMake for some reason finds the alternate libz associated with that Python installation.
I take this as approval that I should merge the mariadbclient changes and leave mariadb unchanged. The latter will only cause issues if mariadb is being used as a server on a machine that differs to the one it was built on.
> As discussed on the community post, Mario Juric requests that we use bundled libz and ssl and I've adjusted the patch to implement that.
Just to clarify the process (as I've seen the same misunderstanding arise elsewhere): this wasn't meant to be a formal request, just a question/comment! What goes into a release (including potential workarounds) is within the release manager's scope of authority, with some oversight from Architecture re long-term concerns (e.g. cybersecurity).
Mario Juric, your comments carry weight on this project.
My job is to get everyone to (finally) agree on a fix (this ticket was filed two months ago) so I'm glad we have some form of resolution. What goes in the release is a completely different issue. I'm just happy to be able to close the ticket.
I have merged the mariadbclient fix and left mariadb using the system libraries. It's trivial to also switch mariadb to bundled libraries if we need to do that later on.
Binary distributions of Enterprise MySQL apparently use the "bundled" yaSSL rather than OpenSSL. I think that means that it is safe enough for us to use it as well, at least for the time being. The risks and potential impact of an SSL-layer security breach for MySQL access are pretty low at this point, noting that passwords are not secured by SSL.
In the longer run, for better security, it would be good to find a way to use a common OpenSSL for all parts of the stack. But in the short run, I'm OK with moving forward with bundled yaSSL for mariadbclient.
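A post-build check for the problem reported in this ticket, as an added example that is not part of the ticket or the project's own code: it reads `ldd` output and reports any zlib or SSL library resolved from outside the prefixes you expect. The function names, the sample paths and the sample `ldd` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Flag zlib/SSL libraries that the dynamic linker resolves from outside the
# expected prefixes. Input: `ldd <library>` output on stdin.
# Arguments: allowed path prefixes (no trailing slash, no spaces).

foreign_libs() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, pre, " ") }
        # ldd lines look like:  libz.so.1 => /path/libz.so.1 (0x...)
        $2 == "=>" && $1 ~ /^lib(z|ssl|crypto)\.so/ {
            # "libz.so.1 => not found" means the loader cannot resolve it
            if ($3 == "not") { print $1, "not-found"; next }
            ok = 0
            for (i = 1; i <= n; i++)
                if (index($3, pre[i] "/") == 1) ok = 1
            if (!ok) print $1, $3
        }
    '
}

# Constructed sample: a client library whose libz was picked up from a second
# conda installation instead of the stack's own environment.
sample_ldd() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffd5a5f2000)
	libz.so.1 => /home/user/anaconda/lib/libz.so.1 (0x00007f0a1c000000)
	libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0a1bc00000)
	libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0a1b800000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0a1b400000)
EOF
}

# Expected prefixes: the stack's miniconda environment plus system lib dirs.
sample_ldd | foreign_libs /home/user/miniconda /usr/lib64 /lib64
```

With a real build, replace `sample_ldd` with `ldd` run on the built client library; a library built against the bundled zlib and SSL has no `libz`, `libssl` or `libcrypto` lines to report.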