Bug #119624 mysql-community-8.4.7-1.el7.src.rpm installs an unexpected mysql-5.6.51.tar.gz into SOURCES
Submitted: 5 Jan 12:51
Reporter: fander chan Email Updates:
Status: Open Impact on me:
None 
Category:MySQL Server: Packaging Severity:S3 (Non-critical)
Version:8.4.7 OS:Red Hat (RHEL 7.x)
Assigned to: CPU Architecture:x86

[5 Jan 12:51] fander chan 
Description:
After downloading the official MySQL Community Server 8.4.7 EL7 SRPM from dev.mysql.com and installing it with rpm, the SRPM deployment populates the rpmbuild SOURCES directory with two upstream tarballs: one for 8.4.7 (expected) and an additional unexpected legacy tarball mysql-5.6.51.tar.gz (unexpected).

This looks like an SRPM packaging/content issue: the 8.4.7 SRPM appears to carry (or install) an unrelated and EOL 5.6.51 source tarball. Even if unused by the SPEC, it is confusing for builders/reproducers and may raise supply-chain / compliance questions because the SRPM contains unrelated legacy source payload.

I verified this using a clean custom _topdir to exclude any contamination from an existing ~/rpmbuild tree, and the file is also visible via rpm -qpl, indicating it is part of the SRPM payload rather than a leftover file on disk.

How to repeat:
# 1) Download the official EL7 SRPM
wget https://dev.mysql.com/get/Downloads/MySQL-8.4/mysql-community-8.4.7-1.el7.src.rpm

# 2) Install the SRPM (default rpmbuild topdir)
rpm -ivh mysql-community-8.4.7-1.el7.src.rpm

# 3) Inspect SOURCES generated by SRPM installation
cd ~/rpmbuild/SOURCES
ls -l

Suggested fix:
rm -f /tmp/rpmbuild/SOURCES/mysql-5.6.51.tar.gz