
Re: Backports policy for security updates (was: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED)



On Wed, 24 May 2017, Scott Kitterman wrote:

*snip*

> I realize that socially, granting an exception for python-django right now is 
> not ideal since the discuss first didn't happen, but I think technically a 
> really good case can be made for python-django updates and I'd like to try.
> 
> At this point in its lifecycle, all Django 1.8 is getting is security fixes.  
> The Django Project has a very defined policy about post release maintenance 
> [1].  They also have a very extensive test suite that the package runs for 
> both python and python3 at build time.
> 
> The most recent release had two CVE fixes.  As with all web frameworks, its 
> security history is not wonderful, but upstream is very responsive about 
> addressing issues when they are identified for all supported releases.  
> 
> As an LTS release, Django 1.8 is supported for security releases until at 
> least April of 2018, which will be near the end of Jessie's support window 
> (and two months of hand backporting patches if needed is not typically 
> difficult - I'm doing it locally for Django 1.6 now).  If allowed to continue 
> we can support this through Jessie's life.

Let's go a step further, what about after April 2018? jessie-backports
lifetime is till May 2020?

Alex

