CVE Live Patching for Database
Quick question regarding database patching, especially for CVEs. Did you see if this technology of live patching is very important to have for our open-source databases?
I mean, I don't even need to do any failover, since most of our databases today are also in HA/Galera Cluster/DBaaS. What do you guys think about this?
E.g.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154 https://access.redhat.com/security/cve/cve-2021-32029
With databases already having their HA strategies, the addition of userspace live patching like https://github.com/SUSE/libpulp would require more server-side development and some very careful replacement of functions (and how do function pointers work?), a clear understanding of the mutexes around the code changed, and extensive testing.
While not impossible, I don't think database developers have this much time free for this kind of innovation at the moment. Maybe with improved tooling it could be experimented with later.
The existing approach of removal of a node, update, and rejoin provides a significantly easier path for database developers, as the complexities of the live aspect are replaced with more stable and tested code paths.