Bug #69598 Please don't re-release package files with same name but differet content *ever*
Submitted: 27 Jun 2013 9:04 Modified: 24 Apr 2018 11:28
Reporter: Hartmut Holzgraefe Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Packaging Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[27 Jun 2013 9:04] Hartmut Holzgraefe
Description:
In the aftermath of http://bugs.mysql.com/bug.php?id=69512 packages with GPL license text for man pages were published quickly ... unfortunately they were re-packaged without changing the version number at all

So now depending on when you downloaded e.g. mysql-5.5.32.tar.gz you either got the package with the accidental wrong license text (size 24625029 instead of 24589274 bytes, md5sum dfb817568fde9f9b7400a87eb46022a1 instead of 01eae37253a6b6c71b9f6d6be718584b ) or the newer one with the corrected license text in man pages

How to repeat:
If you happen to have downloaded 5.5.32, 5.6.12 or 5.7.1 packages from dev.mysql.com before June 24th you can compare the packages (or just their md5 checksums) to the current ones and see the difference.

E.g. for mysql-5.5.32.tar.gz:

hartmut@hartmut-t430s:~/Downloads/tmp
tmp > ls -l */*gz
-rw-rw-r-- 1 hartmut hartmut 24589274 Jun 26 14:57 new/mysql-5.5.32.tar.gz
-rw-rw-r-- 1 hartmut hartmut 24625029 Jun 27 10:41 old/mysql-5.5.32.tar.gz

hartmut@hartmut-t430s:~/Downloads/tmp
tmp > md5sum */*gz
01eae37253a6b6c71b9f6d6be718584b  new/mysql-5.5.32.tar.gz
dfb817568fde9f9b7400a87eb46022a1  old/mysql-5.5.32.tar.gz

hartmut@hartmut-t430s:~/Downloads/tmp
tmp > diff -u */mysql-5.5.32/man/mysql.1
--- new/mysql-5.5.32/man/mysql.1	2013-06-19 17:26:35.000000000 +0200
+++ old/mysql-5.5.32/man/mysql.1	2013-05-16 17:47:22.000000000 +0200
@@ -2,12 +2,12 @@
 .\"     Title: \fBmysql\fR
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/>
-.\"      Date: 06/18/2013
+.\"      Date: 05/16/2013
 .\"    Manual: MySQL Database System
 .\"    Source: MySQL 5.5
 .\"  Language: English
 .\"
-.TH "\FBMYSQL\FR" "1" "06/18/2013" "MySQL 5\&.5" "MySQL Database System"
+.TH "\FBMYSQL\FR" "1" "05/16/2013" "MySQL 5\&.5" "MySQL Database System"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -939,7 +939,6 @@
 .\}
 .\" mysql: port option
 .\" port option: mysql
-.\" TCP/IP
 \fB\-\-port=\fR\fB\fIport_num\fR\fR,
 \fB\-P \fR\fB\fIport_num\fR\fR
 .sp
@@ -3212,11 +3211,40 @@
 .PP
 Copyright \(co 1997, 2013, Oracle and/or its affiliates. All rights reserved.
 .PP
-This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License.
+This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
 .PP
-This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
 .PP
-You should have received a copy of the GNU General Public License along with the program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.
+If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
+.PP
+U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
+.PP
+This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
+.PP
+Oracle is a registered trademark of Oracle Corporation and/or its affiliates. MySQL is a trademark of Oracle Corporation and/or its affiliates, and shall not be used without Oracle's express written authorization. Other names may be trademarks of their respective owners.
+.PP
+This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
+.PP
+This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle or as specifically provided below. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
+.PP
+This documentation is NOT distributed under a GPL license. Use of this documentation is subject to the following terms:
+.PP
+You may create a printed copy of this documentation solely for your own personal use. Conversion to other formats is allowed as long as the actual content is not altered or edited in any way. You shall not publish or distribute this documentation in any form or on any media, except if you distribute the documentation in a manner similar to how Oracle disseminates it (that is, electronically for download on a Web site with the software) or on a CD-ROM or similar medium, provided however that the documentation is disseminated together with the software on the same medium. Any other use, such as any dissemination of printed copies or use of this documentation, in whole or in part, in another publication, requires the prior written consent from an authorized representative of Oracle. Oracle and/or its affiliates reserve any and all rights to this documentation not expressly granted above.
+.PP
+For more information on the terms of this license, or for details on how the MySQL documentation is built and produced, please visit
+\m[blue]\fBMySQL Contact & Questions\fR\m[].
+.PP
+For additional licensing information, including licenses for third-party libraries used by MySQL products, see
+Preface and Legal Notices.
+.PP
+For help with using MySQL, please visit either the
+\m[blue]\fBMySQL Forums\fR\m[]
+or
+\m[blue]\fBMySQL Mailing Lists\fR\m[]
+where you can discuss your issues with other MySQL users.
+.PP
+For additional documentation on MySQL products, including translations of the documentation into other languages, and downloadable versions in variety of formats, including HTML and PDF formats, see the
+\m[blue]\fBMySQL Documentation Library\fR\m[].
 .sp
 .SH "SEE ALSO"
 For more information, please refer to the MySQL Reference Manual,

Suggested fix:
*Never* change download packages after the fact, released is released.

*Always* bump up the patch level count in the version number from x.y.z to x.y.z+1, or at least use the previous scheme of adding an a,b,c after the patch level number as with e.g. 5.5.25 vs. 5.5.25a
[1 Jul 2013 8:14] Simon Mudd
I'd agree. Some packaging systems (rpm) just refer to the source filenames that are needed for building and others also include some sort of checksum, so can distinguish if the source being looked at matches the one expected.

In either case this causes confusion to everyone. You may not want to have to bump up the version but as stated if you do things like this add some extra reference so it's clear that this is different to the original file.

Then you can safely remove the old files and people looking for them won't find something different to what they expect.
[3 Jul 2013 12:01] Yngve Svendsen
Thanks for the report. With hindsight, we should not have gone for a silent replace. We should ideally have bumped the version number or at least the release number. As a partial fix, to signify actual changed content and preserve upgradability, we will publish new RPMs with release number 2 (i.e. 5.5.32-2). And we will avoid silent replaces in the future and bump version numbers on source code changes and release numbers on pure packaging changes.
[3 Jul 2013 13:18] Simon Mudd
Good that the rpms will be different, but bad that you make no mention of changing the source tar balls you provide. That's the whole point of this bug report I think.

Something happened to 5.5.25 and that lead to a new version 5.5.25a was released if I remember correctly. Can't you just do the same?  See your own site: http://downloads.mysql.com/archives.php?p=mysql-5.5&o=other
[5 Jul 2013 12:40] Yngve Svendsen
Simon,

at this time, I think further changes may cause even more confusion. Additionally, preparations for the next round of releases are under way, and when these appear in a few weeks, we should anyway be back to normal again.
[24 Apr 2018 11:28] Yngve Svendsen
Point taken and lesson hopefully learned. Closing this now.