Re: Lenny vs. Etch + Backports
Johannes Wiedersich wrote:
I am not sure if I understand correctly: What are your objections
against debian's way of security fixes?
Let's take the example of Seamonkey/Iceape. Officially EOL'd as of May,
the 1.0.x branch's security status is no longer being actively
investigated by upstream developers, but assuming that Lenny takes as
long to come to fruition as Etch, come Debian's next major release its
developers -- with fewer resources than upstream, I should imagine --
will have been searching out and patching vulnerabilities in an
abandoned codebase for more than 20 months.
I've no doubt that the resulting code's more stable than upstream's,
it's just that I'd rather place my trust in the upstream codebase (or
Debian patches based thereon).
Not a very original objection, but a reasonable-sounding pretext for
moving away from Stable ;)