The MariaDB Foundation: A turning point for MySQL

Back when Sun Microsystems was setting, some of the programmers who had been involved with the popular and well-known open source MySQL database started a fork of the project called MariaDB.

The new project was led and named by Michael “Monty” Widenius, the original developer of MySQL and one of the founders of the eponymous company that Sun acquired. After leaving Sun, he formed a company in his native Finland — Monty Program AB — to host development of MariaDB and made an open offer of employment to any MySQL committer. As a result, a formidable corps of developers gathered at Monty Program.

[ Also on InfoWorld: MariaDB steps out from MySQL’s shadow | Track the latest trends in open source with InfoWorld’s Technology: Open Source newsletter. ]

They’ve been working hard, though you might not know it. MariaDB has been upstaged by Oracle’s continuing development and marketing of MySQL itself, which was acquired with the rest of Sun’s assets. All the same, their labors have paid off. In a comparison of six open source databases — including MySQL — Network World found MariaDB to be the preferred choice. Monty told me that MariaDB included the equivalent of 30 person-years of development over MySQL, and the Monty Program has certainly proved responsive — especially at fixing security issues.

A focus on prompt patching Monty told me that the MariaDB team has been working closely with mitre.org to ensure that security issues are promptly reported and explained in detail. Because Oracle no longer published details of the security fixes it makes, the MariaDB team usually has to reverse-engineer patches from published sources “dropped over the wall” from MySQL. They then merge all MySQL security patches into MariaDB. Monty told me “MariaDB is the most secure version of MySQL” — a bold claim.

While the details of the vulnerabilities fixed are usually kept private until after new versions of both MariaDB and MySQL have been published, the most recent batch offers an unusual glimpse into the difference in responsiveness between the MariaDB and MySQL teams. MariaDB fixed the issues in a few days, with published and documented open source patches, but MySQL still hasn’t (at the time of writing) patched the vulnerabilities.

This is not new. Oracle has been accused of allowing its corporate processes to take priority over community engagement at MySQL: closing access to new development, being slow to fix security bugs, failing to communicate with the MySQL ecosystem. I spoke with a number of people from the wider MySQL and MariaDB ecosystem, and all expressed frustration.

So with news last week of the formation of a MariaDB Foundation, it’s clear that a new phase could be starting for the MySQL open source community. MariaDB — and by implication, MySQL — now has a dedicated institution, with the intent there should be no single entity in control. I talked about the creation of the MariaDB Foundation with Monty, its CTO, and with its COO Andrew Katz. You can see the full discussion on this and other topics in this video:

Ecosystem implications What does this mean for the MySQL ecosystem? First, there’s MySQL packaging and integration. An open project like MariaDB is far easier to work with than one run by a single company seeking fees for every contact. We could see Linux distributions packaging MariaDB, as well as its use in LAMP demployments (the “M” is conveniently retained).

Second, there’s the scope for innovation. One developer told me MariaDB has a potentially interesting technical future, with the ability to support OLTP, OLAP, and specialist data-centric approaches, as well as highly scalable multimaster clusters in the future. This diverse future will involve diverse inputs. A foundation with transparent governance that’s open to anyone is the ideal place.

Third, there’s the competitive dimension. MariaDB recently announced highly compatible client libraries that can be used with both MariaDB and MySQL, written from scratch and licensed under the LGPL rather than under the original GPL used by MySQL and its forks. As community member Arjen Lenz comments, this is a big deal for dual licensing. It means that there’s no longer a strong need for commercial deployers to buy a proprietary license from MySQL just to avoid the extra compliance management demanded by the GPL.

The combination of these three factors could make MariaDB an attractive proposition for many participants in the huge MySQL marketplace. Monty told me MariaDB already sees code contributions from several big companies, including Facebook, Google, and Twitter, and the developer IRC channel can have 100 or more participants at times.

All is not necessarily harmony. There’s one part of the MySQL ecosystem that seems unmoved: the Drizzle project, another fork aimed at cloud deployments and redesigned around a microkernel architecture to be smaller and more modular. Its founder Brian Aker was scornful on Twitter and took a wait-and-see attitude via email. Drizzle already has a non-GPL client library for MySQL — albeit not a completely compatible one — and Aker claims the JDBC driver in MariaDB is minimally derived from Drizzle (which uses the BSD license for these libraries, in contrast to MariaDB, which use the LGPL).

Differences of opinion are inevitable in any large community, so this tension may not be a problem. With good execution, the MariaDB Foundation could reenergize the MySQL community and provide a focal point for new innovation and growth. It won’t be easy, but the potential is huge. MySQL has been a cornerstone of the history of open source. MariaDB could be a cornerstone of its future.

This article, “The MariaDB Foundation: A turning point for MySQL,” was originally published at InfoWorld.com. Read more of the Open Sources blog and follow the latest developments in open source at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.