[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Announcing EOL for Jessie images

On Fri, Oct 19, 2018 at 04:14:47PM +0200, Raphael Hertzog wrote:
> > The main thing: concerns were raised by several of the cloud platforms
> > people that LTS security doesn't seem to be working very well. They're
> > not seeing fixes happening for known issues, and so at the moment they
> > don't have trust in the process.
> Really? This is the first time I hear such feedback. Can you put me in
> touch with the person(s) who made those claims so that I can try to have
> more concrete information about the alleged problems?

I'm sure a lot of it is a matter of perception, but the level of
integration of LTS with the stable lifecycle does not seem as deep as
someone familiar with Debian stable might expect it to be. For example,
security announcements being published to a list other than
debian-security-announce makes it feel very unofficial and does not
invoke the same level of confidence in the commitment (it is somewhat
remeniscent of the secure-testing effort).

Lack of integration with packages.debian.org and incomplete coverage of
the archive also present problems. For exaple, despite the existence of
DLA 1531, I cannot find evidence of a 4.9 kernel for jessie on
packages.debian.org except in jessie-backports, and backports is well
documented as not having official security support. (Again, I realize
that this may be a matter of visibility and perception.)

For my part, as maintainer of the images on AWS, I don't want to prevent
people currently using the jessie images from continuing to do so. I
simply don't want new (to AWS or to Debian) users from starting out with
jessie. As such, I've made the jessie listings slightly less
discoverable using AWS interfaces, and have noted their deprecation on
the relevant Debian wikis. Somebody who is familiar with LTS and
interested in using it is certainly welcome to do so, though.


Attachment: signature.asc
Description: PGP signature

Reply to: