Hi, in a different thread on this mailing list it has been brought to our attention, that the team producing the images, the team providing LTS support for Debian and OUR USERS have different expectations on the lifecycle and the security support of our cloud images. I need to admit, that at least from my perspective we handled this not the optimal way and upset several of our Debian members and our users. While it is probably hard to change expectations to existing Jessie and Stretch images, we might want to publish and announce a lifecycle and security guideline along with our cloud images with the beginning of buster. Those guidelines could be a wiki page or a web page the various cloud providers link from their marketplace platforms. My personal guess is, that with a lifecycle guideline both we and our users can do better planning, and our users are not suddenly surprised by the absent of specific images on the various cloud providers plattforms. Also, we can link to such a lifecycle guideline much better when it exists! A lifecycle guideline COULD look like this: Stable Images for Buster (stable) --------------------------------- The Debian Project will release it's new stable release 10 (Codename Buster) along with images for various major cloud providers. Thus images will be announced on the debian-cloud-announce@lists.debian.org mailing list. Updates to those images will also be announced to this mailing list. All images (beside to the market place publication) are available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. Security Support for Buster (stable) images ------------------------------------------- Images will be respinned whenever a network facing service on those images receives a public security update (via debian-security), whenever a major issue within those images is discovered or a kernel update for those has been published via official debian channels. For the convinience of our users our images are respinned approx. every eight weeks to collect all the other security updates issued for non-network facing security updates. Images will be no later be respinned than a stable point release. All changes to those images will be announced to the debian-cloud-announce@lists.debian.org mailing list. All images (beside to the market place publication) are available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. Release of Bulls Eye (Debian 11) -------------------------------- The Debian Project will continue to support Debian 10 images after the publication of Debian 11 (Codename Bullseye) during Debian 10's official security support cycle. Images will be respinned whenever a network facing service on those images receives a public security update (via debian-security), whenever a major issue within those images is discovered or a kernel update for those has been published via official debian channels. For the convinience of our users our images are respinned approx. every eight weeks to collect all the other security updates issued for non-network facing security updates. Images will be no later be respinned than a stable point release. All changes to those images will be announced to the debian-cloud-announce@lists.debian.org mailing list. All images (beside to the market place publication) are available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. End of Security Support of Debian 10 ------------------------------------ With the end of the security support of Debian 10, the Debian Cloud team will publish an 'End of Service (EoS)' announcement to the debian-cloud-announce@lists.debian.org mailing list giving a 180 days warning period of the disappearance of Debian 10 cloud images in the according vendor marketplaces. This EoS mail will encourage our users to switch to newer cloud images. During this 180 days grace period images are respinned approx. every 3 months to collect all the security updates issued for Debian 10 via the LTS team. All changes to those images will be announced to the debian-cloud-announce@lists.debian.org mailing list. All images (beside to the market place publication) are available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. Announcing End of Service ------------------------- 10 days before the EoS, the Debian cloud team will send a reminder to the debian-cloud-announce@lists.debian.org mailing list to remind users of the removal of the according images from the vendor market places. This mail will also inform the users that the images are still discoverable via direct link for an other 180 days from the specifc vendors cloud storage, but no longer receive any updates from the Debian cloud team. After those 180 days, the End of Lifetime is reached. All images are available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. Announcing End of Liftime ------------------------- 10 days before the End of Lifetime is reached, the cloud providers will inform their users via their internal channels of the removal of the cloud images from their specific storage. All images are still available for download at https://images.debian.org/cloud/<codename>/XXX, including link to build logs and a digital signature. As stated above, this is only a proposal that I have not shared with any other person on the mailing list before sending it out. This is just an idea. Please feel free to either turn that idea down, or send any adjustments to it. Best regards, Martin -- Martin Zobel-Helas <zobel@debian.org> Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://about.me/zobel Debian Webmaster GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
Attachment:
signature.asc
Description: PGP signature