Bug#219198: marked as done (www.debian.org: Add Security Support Policy, EOL Information, Etc.)
Your message dated Tue, 11 Nov 2003 18:49:00 -0800
with message-id <20031112024900.GB743@catalunya>
and subject line security update policy
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Nov 2003 23:27:27 +0000
>From c@eskimo.com Tue Nov 04 17:27:26 2003
Return-path: <c@eskimo.com>
Received: from conure.mail.pas.earthlink.net [207.217.120.54]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AHAa6-0007WN-00; Tue, 04 Nov 2003 17:27:26 -0600
Received: from lsanca1-ar17-4-61-195-020.lsanca1.elnk.dsl.genuity.net ([4.61.195.20] helo=fal.clawpaws.net)
by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
id 1AHAa5-0005sZ-00; Tue, 04 Nov 2003 15:27:25 -0800
Received: from fal.clawpaws.net (claire@localhost [127.0.0.1])
by fal.clawpaws.net (8.12.10/8.12.10/Debian-1) with ESMTP id hA4NROQC019575;
Tue, 4 Nov 2003 15:27:24 -0800
Received: from fal.clawpaws.net (claire@localhost)
by fal.clawpaws.net (8.12.10/8.12.10/Debian-1) with ESMTP id hA4NRNv9019571;
Tue, 4 Nov 2003 15:27:24 -0800
Message-Id: <[🔎] 200311042327.hA4NRNv9019571@fal.clawpaws.net>
To: submit@bugs.debian.org
Cc: "C.M. Connelly" <c@eskimo.com>
From: "C.M. Connelly" <cmc@debian.org>
Reply-To: "C.M. Connelly" <cmc@debian.org>
Organization: The Debian Project
Subject: www.debian.org: Add Security Support Policy, EOL Information, Etc.
Date: Tue, 04 Nov 2003 15:27:23 -0800
Sender: c@eskimo.com
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-9.9 required=4.0
tests=HAS_PACKAGE,MSG_ID_ADDED_BY_MTA_3,PGP_SIGNATURE
autolearn=ham version=2.53-bugs.debian.org_2003_11_03
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_11_03 (1.174.2.15-2003-03-30-exp)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: www.debian.org
Version: n/a
Severity: normal
With Red Hat announcing the end of their ``free'' Red Hat Linux
distribution, a lot of organizations that can't afford to move to
Red Hat Enterprise Linux are looking for alternatives.
One of the big things that people are looking for when considering
alternatives is a distribution's security support policy
(``errata'', in Red Hat's terminology) and information about the
lifespan of a particular release, including, if possible, specific
dates for a release's end-of-life.
It would be nice if Debian had such information linked fairly
prominently from the front page or from an appropriate subsection
(support?).
Claire
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Man cannot be civilised, or be kept civilised by what he does in his
spare time; only by what he does as his work.
W.R. Lethaby
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
C.M. Connelly cmc@debian.org SHC, DS
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD4DBQE/qDXXzrFKeh3cmQ0RAh+jAJirSTUAKcsTZ/4t1qrQALoTtWabAJ9PvPKe
5MLEFUSpihk8kc4UUc0oBQ==
=mTsu
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 219198-done) by bugs.debian.org; 12 Nov 2003 02:45:29 +0000
>From kraai@lafn.org Tue Nov 11 20:45:28 2003
Return-path: <kraai@lafn.org>
Received: from zoot.lafn.org [206.117.18.6]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AJl0a-000534-00; Tue, 11 Nov 2003 20:45:28 -0600
Received: from catalunya (host-66-81-30-51.rev.o1.com [66.81.30.51])
by zoot.lafn.org (8.12.3p3/8.12.3) with ESMTP id hAC2jNLw037360;
Tue, 11 Nov 2003 18:45:24 -0800 (PST)
(envelope-from kraai@lafn.org)
Received: from kraai by catalunya with local (Exim 3.36 #1 (Debian))
id 1AJl40-0000Co-00; Tue, 11 Nov 2003 18:49:00 -0800
Date: Tue, 11 Nov 2003 18:49:00 -0800
From: Matt Kraai <kraai@ftbfs.org>
To: Martin Schulze <joey@infodrom.org>
Cc: 219198-done@bugs.debian.org, team@security.debian.org
Subject: Re: security update policy
Message-ID: <20031112024900.GB743@catalunya>
References: <20031105005432.GB15784@catalunya> <20031105082059.GB2458@finlandia.infodrom.north.de> <20031105175238.GD361@catalunya> <20031106082734.GP2458@finlandia.infodrom.north.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031106082734.GP2458@finlandia.infodrom.north.de>
User-Agent: Mutt/1.5.4i
Sender: Matt Kraai <kraai@lafn.org>
Delivered-To: 219198-done@bugs.debian.org
X-Spam-Status: No, hits=-4.1 required=4.0
tests=EMAIL_ATTRIBUTION,HTML_00_10,HTML_MESSAGE,
PATCH_UNIFIED_DIFF,QUOTED_EMAIL_TEXT
version=2.53-bugs.debian.org_2003_11_9
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_11_9 (1.174.2.15-2003-03-30-exp)
On Thu, Nov 06, 2003 at 09:27:35AM +0100, Martin Schulze wrote:
> Matt Kraai wrote:
> > On Wed, Nov 05, 2003 at 09:20:59AM +0100, Martin Schulze wrote:
> > > Matt Kraai wrote:
> > > > Howdy,
> > > >
> > > > I don't know that the security team has a policy for how long they
> > > > will support old-stable. For potato, they took a user survey and
> > > > discontinued support after about a year.
> > > >
> > > > Would someone on the security team please let us know if users can
> > > > expect a year of support for old-stable in the future as well?
> > >
> > > I guess that you can, assuming that no release is done in the
> > > meantime. we won't be able to support three releases, two is
> > > already difficult enough.
> >
> > I think it is safe to assume that we won't release more than once
> > a year in the near future. Therefore, would anyone object if I
> > added the following to the security FAQ? Claire, would this be
> > sufficient?
> >
> > Q: How long will security updates be provided?
> > A: Security updates will be provided for a given release for one
> > year after the next version is released.
>
> I'd rather forumlate it as follows:
>
> A: The Security Team tries to support a stable distribution for
> about one more year after a new stable distribution has been
> released, except when another stable distribution is released
> within this year. It is not possible to suppor three
> distributions, while supporting two simultaneously is already
> difficult enough.
>
> I guess this paragraph could use some improvements...
I've committed the following patch:
Index: faq.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/security/faq.wml,v
retrieving revision 1.31
diff -u -r1.31 faq.wml
--- faq.wml 17 Oct 2003 20:35:46 -0000 1.31
+++ faq.wml 12 Nov 2003 02:44:25 -0000
@@ -261,3 +261,11 @@
<p>A: The Debian security team consists of
<a href="../intro/organization">several officers and secretaries</a>.
The security team itself appoints people to join the team.
+
+<toc-add-entry name=lifespan>How long will security updates be provided?</toc-add-entry>
+<p>A: The security team tries to support a stable distribution for
+ about one year after the next stable distribution has been
+ released, except when another stable distribution is released
+ within this year. It is not possible to support three
+ distributions; supporting two simultaneously is already difficult
+ enough.
Thanks for clarifying the security team's position.
--
Matt
Reply to: