Simon Phipps, who's Computer World UK blog isn't aggregated on Planet MySQL, has a blog post which reveals the truth behind the missing MySQL test cases that many of us commented on some time ago (including myself). You can read Simon's blog post here.
As you remember, there were various things that happened (or rather ceased to happen) during the Summer which led to people complaining that Oracle's MySQL is closing down. As a result of the uproar, source code trees at Launchpad were immediately refreshed. Otoh, there was never any public explanation why test cases for new bug fixes are withheld.
Simon has been active to find out the answer, and has found an "anonymous source" (who just might be an Oracle employee who knows what he is talking about...) who explains that the reason is really just a mandate from Oracle's security team and MySQL personnel are not necessarily very happy about it. The really absurd part is that Oracle also has a policy that forbids anyone from making a public explanation about any of this (basically leaving the field wide open to everyone else to comment on it instead...)
I'd like to thank Simon - the godfather of former Sun open source projects - for being active and mediating in this dilemma the MySQL team found themselves in. To communicate this way is kind of weird in an open source community, but at least it's something. Since I don't expect Oracle to change, I'm sure we will have similar situations in years to come, maybe a similar procedure can be used then too.
PS: For comparison, it might be worth comparing Oracle's approach (as described in Simon's post) to MariaDB's responsible disclosure process of the recent security bug allowing you to login without password 1% of the time (ie. pretty serious security issue). The MariaDB team didn't publish the bug or test case either, they first shared it with Oracle, then it was given to Linux distributions, and once updates were in place, then details of the bug were publicly disclosed.