On 2018-10-19 16:14:47, Raphael Hertzog wrote: > On Fri, 19 Oct 2018, Steve McIntyre wrote: > > The main thing: concerns were raised by several of the cloud platforms > > people that LTS security doesn't seem to be working very well. They're > > not seeing fixes happening for known issues, and so at the moment they > > don't have trust in the process. > > Really? This is the first time I hear such feedback. Can you put me in > touch with the person(s) who made those claims so that I can try to have > more concrete information about the alleged problems? It's not only about problems, there is whole paradigm shift from hand crafted long lived servers to short lived volatile instances recreated at the whim with no human involvement. This drives use of latest already patched software and this includes OS, which is treated as a cattle. In such approach LTS solutions are not necessary and are only creating technical debt (for example migration wise). Off course there are use cases where servers running on 'cloud' are still treated as pets, nurtured by sysadmins etc. this is where LTS comes to play, but those systems are long running and are neither spun up often nor in big batches, if at all, thus doesn't really require LTS support on base images. Having said all above it is a good practise to copy and stash your build elements into your own environment to not depend on external resourced for CI/CD process (even if highly reliable as Debian is). This makes base cloud images based on old and oldold stable just additional maintenance point for Debian, which in real life is hardly required. Thus I'd opt for what have been done to Wheezy and Jessie. Images should be still available but we should clearly state that those are not supported as base OS media and that users should use latest stable instead. People who are still going to use those IMO should be aware of EoL and informed about LTS but that's it. Conclusion is that IMO we shouldn't create any images for releases older than oldstable until it's EoL and then just drop them accordingly to release cycle of main Debian line. -- |_|0|_| | |_|_|0| "Panta rei" | |0|0|0| -------- kuLa -------- | gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3 3DF1 A4DF C732 4688 38BC F121 6869 30DD 58C3 38B3
Attachment:
signature.asc
Description: PGP signature