On Mon, Oct 22, 2018 at 05:52:15PM +0000, Luca Filipozzi wrote: > I object because, at the 2018 Debian Cloud Sprint, we collectively > decided that we were not offering Debian LTS Cloud Images. Are we > changing our decision? I'd like to see collective decision making, not > one-offs for each platform. That's precisely why I asked. However, I don't want to focus too much on process or collective decision making. Every provider is different. The existing images available for a given provider, and their adoption, is different. The level of support given by the provider themselves is different. The level of effort involved in continuing to support jessie images varies by provider. Etc, etc. I propose to revisit the decision because I think it was made in haste, and with incomplete information. Zach expressed concern that there were security issues not being fixed in jessie by the LTS team. My assumption was that these issues were related specifically to the Intel speculation class of bugs, complete mitigations for which rely on KPTI, which is not present in the 3.16 kernels from jessie. However, it seems that LTS is currently shipping a 4.9 kernel, in addition to the original 3.16 kernel, which was uploaded by the kernel team. (Not that you can discover any of this on packages.d.o or similar resources, which IMO is a real problem in terms of the legitimacy of LTS.) If there are other specific issues that Zach (or anybody else) can point to that haven't received attention from the LTS team, we should consider those. Perhaps he was referring to something besides the kernel. Given the availability of linux 4.9 in LTS, I am less attached to the decision we made at the sprint. Given the impact that the decision has had some some of the users of the jessie AMIs on AWS, I am interested in revisiting it. Note that I'm not necessarily proposing that we provide regularly updates LTS images for the full duration of the LTS lifecycle. I'm not actually proposing any timeline at this point, though I'll come up with one if people want. I'm simply suggesting that we consider that we have users who do want LTS, and we should support them to the extent that we're able.
Attachment:
signature.asc
Description: PGP signature