Bug#468765: Is oldstable security support duration something to be proud of?

To: Filipus Klutiero <chealer@gmail.com>
Cc: Luk Claes <luk@debian.org>, debian-security@lists.debian.org, 468765@bugs.debian.org
Subject: Bug#468765: Is oldstable security support duration something to be proud of?
From: dann frazier <dannf@dannf.org>
Date: Mon, 10 Mar 2008 14:43:30 -0600
Message-id: <[🔎] 20080310204330.GC29329@colo.lackof.org>
Reply-to: dann frazier <dannf@dannf.org>, 468765@bugs.debian.org
In-reply-to: <[🔎] 200803101613.43628.chealer@gmail.com>
References: <[🔎] 200803101436.46270.chealer@gmail.com> <[🔎] 47D5844F.2020903@debian.org> <[🔎] 200803101613.43628.chealer@gmail.com>

On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote:
> Le March 10, 2008 02:56:15 pm Luk Claes, vous avez ?crit?:
> > Filipus Klutiero wrote:
> > > Hi,
> > > I reported #468765 about a questionable statement on www.debian.org.
> > > Frank Lichtenheld wants this to be discussed.
> > >
> > > This statement is in a security announcement. Martin Schulze confirmed
> > > that he wrote the statement. Does the security team think that oldstable
> > > security support duration is something to be proud of?
> > >
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765
> >
> > Why would anyone question if a security support of at *least* 2,5 years
> > by volunteers not be something to be proud of?
> The sentence does not talk about volunteers. Even if it did, I wouldn't be 
> less proud of my contributions to Debian if I was paid for them. And from the 
> readers POV, I don't appreciate Debian more because developers are mostly 
> volunteers.
> 
> I already compared the duration of oldstable support in the bug report, but 
> let's look at the total security support duration of each release of other 
> free distros if you want. Let's take these 3 which are not too far from 
> Debian's quality:
> RHEL and derivatives: 7 years
> openSUSE: 2 years
> Ubuntu: a bit more complex.
> 	1.5 in general
> 	LTS releases: 3 on desktop, 5 on server
> 
> Debian is somewhat better than openSUSE, equal or slightly worst than Ubuntu 
> and definitely worst than RHEL and derivatives. So on average, Debian is 
> somewhat worst than its main alternatives in this aspect.

How about in # of packages we support? Does that bump us up at all in
your pissing contest? There are many characteristics of security
support (breadth, turnaround, stability, etc) - and different
characteristics appeal to different users. We don't have to be proud
that our N isn't as long as someone else's N, but we can certainly be
proud to have honored the commitment we made to our users.

Using # of years of support as a measurement of "goodness" is as silly
as using # of advisories as a measurement of an OS's "secureness".

-- 
dann frazier

Reply to:

Follow-Ups:
- Bug#468765: # of supported packages (was Re: Is oldstable security support duration something to be proud of?)
  - From: Filipus Klutiero <chealer@gmail.com>

References:
- Bug#468765: Is oldstable security support duration something to be proud of?
  - From: Filipus Klutiero <chealer@gmail.com>
- Bug#468765: Is oldstable security support duration something to be proud of?
  - From: Luk Claes <luk@debian.org>
- Bug#468765: Is oldstable security support duration something to be proud of?
  - From: Filipus Klutiero <chealer@gmail.com>

Prev by Date: Bug#468765: Is oldstable security support duration something to be proud of?
Next by Date: Re: Small suggestion
Previous by thread: Bug#468765: Is oldstable security support duration something to be proud of?
Next by thread: Bug#468765: # of supported packages (was Re: Is oldstable security support duration something to be proud of?)
Index(es):
- Date
- Thread