debian for the long term

I have a question that I am hoping/expecting is a non issue...we are
reviewing distros to use as a base for an appliance (changing out our
current custom one)... we are heavily leaning towards debian, but the
question has come up as to how long packages will be supported...i.e.
security updates, new drivers for kernel etc....which made us look a
ubuntu lts....we are trying to minimize our maintenance efforts...so,
my question is if we were to base it off lenny, how long could we
realistically expect to have support...I have read the expected
release, and that it is supported a year after going "stable"...but I
suspect that that is not the whole story...e.g. you can possibly use
packages from the next release and sort of upgrade as needed...the
other part of this question is (not to start any flaming) at a
base/minimal os level, how different is ubuntu, and how much mixing
can one safely do? any advice would be great!

thanks a lot

