------------------------------------------------------------------------ Debian Security Survey joey@debian.org http://www.debian.org/security/ Martin Schulze February 17th, 2003 http://www.debian.org/security/faq ------------------------------------------------------------------------ Results from the Security Survey last Year http://lists.debian.org/debian-devel-announce-0211/msg00001.html ================================================================ Counted votes total : 153 Votes used for calculations: 130 Too many people (about 100) didn't supply proper dates but used free text for responses to the questions I initially asked. Hence, their answers need to be interpreted into a date or ignored. Assuming "forever" as December 31st, 2003 we get these results: ------------------------------------------------------------ Wait upgrading approximately until : March 15, 2003 Want support for potato approx. until: March 11, 2003 ------------------------------------------------------------ The results vary a little bit if the answer is weighted by the number of potato machines these people maintain: ------------------------------------------------------------ Wait upgrading approximately until : November 3, 2003 Want support for potato approx. until: October 23, 2003 ------------------------------------------------------------ However, one person answered the questions and revealed that he maintains some 4000 machines running potato that he cannot simply upgrade to woody. He will replace the machines with woody systems, though, in case of failures. So, removing this answer, the results (still weighted) become: ------------------------------------------------------------ Wait upgrading approximately until : June 11th, 2003 Want support for potato approx. until: May 2nd, 2003 ------------------------------------------------------------ If the interpretation of "forever" is changed into December 31st, 2004, the calculated results (still weighted) will move up again: ------------------------------------------------------------ Wait upgrading approximately until : September 18, 2003 Want support for potato approx. until: May 27, 2003 ------------------------------------------------------------ In general it seems that many Debian administrators would rather like to stay with the old stable release before upgrading, for about one year after a new stable version has been released. This places a heavy burdon on the security team which has to support the old stable distribution for one year. This means, supporting two distributions (including all architectures) for one year after a new stable distribution has been released. Conclusion I will probably continue to support potato with security updates at least until end of June 2003 and I hope that the other members of the Security Team will do the same. This means that we support potato for additional 12 months after the release of woody, which is much more than users can expect from a group of volunteers who only work on the system for the sake of it. However, since investigating, correcting and fixing packages for two entirely different code bases needs to be done, supporting woody and potato is very time consuming and you should not expect security updates for potato after the end of June 2003. You should have upgraded to woody anyway. Regards, Joey -- Life is too short to run proprietary software. -- Bdale Garbee
Attachment:
pgpgKbpKFKRGg.pgp
Description: PGP signature