[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Announcing EOL for Jessie images



On 2018-10-19 16:14:47, Raphael Hertzog wrote:
> On Fri, 19 Oct 2018, Steve McIntyre wrote:
> > The main thing: concerns were raised by several of the cloud platforms
> > people that LTS security doesn't seem to be working very well. They're
> > not seeing fixes happening for known issues, and so at the moment they
> > don't have trust in the process.
> 
> Really? This is the first time I hear such feedback. Can you put me in
> touch with the person(s) who made those claims so that I can try to have
> more concrete information about the alleged problems?

It's not only about problems, there is whole paradigm shift from hand crafted
long lived servers to short lived volatile instances recreated at the whim with
no human involvement.
This drives use of latest already patched software and this includes OS, which
is treated as a cattle. In such approach LTS solutions are not necessary and
are only creating technical debt (for example migration wise).

Off course there are use cases where servers running on 'cloud' are still
treated as pets, nurtured by sysadmins etc. this is where LTS comes to play,
but those systems are long running and are neither spun up often nor in big
batches, if at all, thus doesn't really require LTS support on base images.

Having said all above it is a good practise to copy and stash your build
elements into your own environment to not depend on external resourced for CI/CD
process (even if highly reliable as Debian is). This makes base cloud images 
based on old and oldold stable just additional maintenance point for Debian,
which in real life is hardly required.

Thus I'd opt for what have been done to Wheezy and Jessie. Images should be
still available but we should clearly state that those are not supported as
base OS media and that users should use latest stable instead. People who are
still going to use those IMO should be aware of EoL and informed about LTS but
that's it.

Conclusion is that IMO we shouldn't create any images for releases older than
oldstable until it's EoL and then just drop them accordingly to release cycle
of main Debian line.
-- 

|_|0|_|                                                  |
|_|_|0|                  "Panta rei"                     |
|0|0|0|             -------- kuLa --------               |

gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3
3DF1  A4DF  C732  4688  38BC  F121  6869  30DD  58C3  38B3

Attachment: signature.asc
Description: PGP signature


Reply to: