[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Announcing EOL for Jessie images

On Mon, Oct 22, 2018 at 05:52:15PM +0000, Luca Filipozzi wrote:
> I object because, at the 2018 Debian Cloud Sprint, we collectively
> decided that we were not offering Debian LTS Cloud Images.  Are we
> changing our decision?  I'd like to see collective decision making, not
> one-offs for each platform.

That's precisely why I asked. However, I don't want to focus too much on
process or collective decision making. Every provider is different. The
existing images available for a given provider, and their adoption, is
different. The level of support given by the provider themselves is
different. The level of effort involved in continuing to support jessie
images varies by provider. Etc, etc.

I propose to revisit the decision because I think it was made in haste,
and with incomplete information. Zach expressed concern that there were
security issues not being fixed in jessie by the LTS team. My assumption
was that these issues were related specifically to the Intel speculation
class of bugs, complete mitigations for which rely on KPTI, which is not
present in the 3.16 kernels from jessie. However, it seems that LTS is
currently shipping a 4.9 kernel, in addition to the original 3.16
kernel, which was uploaded by the kernel team. (Not that you can
discover any of this on packages.d.o or similar resources, which IMO is
a real problem in terms of the legitimacy of LTS.)

If there are other specific issues that Zach (or anybody else) can point
to that haven't received attention from the LTS team, we should consider
those. Perhaps he was referring to something besides the kernel.

Given the availability of linux 4.9 in LTS, I am less attached to the
decision we made at the sprint. Given the impact that the decision has
had some some of the users of the jessie AMIs on AWS, I am interested in
revisiting it.

Note that I'm not necessarily proposing that we provide regularly
updates LTS images for the full duration of the LTS lifecycle. I'm not
actually proposing any timeline at this point, though I'll come up with
one if people want. I'm simply suggesting that we consider that we have
users who do want LTS, and we should support them to the extent that
we're able.

Attachment: signature.asc
Description: PGP signature

Reply to: