On Sun, 21 Oct 2018, Noah Meyerhans wrote: > I'm sure a lot of it is a matter of perception, but the level of > integration of LTS with the stable lifecycle does not seem as deep as > someone familiar with Debian stable might expect it to be. For example, > security announcements being published to a list other than > debian-security-announce makes it feel very unofficial and does not > invoke the same level of confidence in the commitment (it is somewhat > remeniscent of the secure-testing effort). I don't think that the security team is ready to open up the gate of their list to us. But the commitment should be judged over our longevity. It's been 5 years already and in practice we support almost as many packages as the main security team does (because we have enough resources nowadays). > Lack of integration with packages.debian.org and incomplete coverage of > the archive also present problems. packages.debian.org does cover the security suites, so LTS packages are covered, I'm not sure what you are referring to here. The main problem is that the updates only live on security.debian.org, they are never merged back in the main suite (because we don't do further point releases). > For exaple, despite the existence of > DLA 1531, I cannot find evidence of a 4.9 kernel for jessie on > packages.debian.org except in jessie-backports, and backports is well > documented as not having official security support. (Again, I realize > that this may be a matter of visibility and perception.) https://packages.debian.org/source/jessie/linux-4.9 Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature