[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Results from the Security Survey last Year

Debian Security Survey                                   joey@debian.org
http://www.debian.org/security/                           Martin Schulze
February 17th, 2003                   http://www.debian.org/security/faq

Results from the Security Survey last Year

Counted votes total        : 153
Votes used for calculations: 130

Too many people (about 100) didn't supply proper dates but used free
text for responses to the questions I initially asked.  Hence, their
answers need to be interpreted into a date or ignored.

Assuming "forever" as December 31st, 2003 we get these results:

Wait upgrading approximately until   : March 15, 2003
Want support for potato approx. until: March 11, 2003

The results vary a little bit if the answer is weighted by the number
of potato machines these people maintain:

Wait upgrading approximately until   : November 3, 2003
Want support for potato approx. until: October 23, 2003

However, one person answered the questions and revealed that he
maintains some 4000 machines running potato that he cannot simply
upgrade to woody.  He will replace the machines with woody systems,
though, in case of failures.  So, removing this answer, the results
(still weighted) become:

Wait upgrading approximately until   : June 11th, 2003
Want support for potato approx. until: May 2nd, 2003

If the interpretation of "forever" is changed into December 31st,
2004, the calculated results (still weighted) will move up again:

Wait upgrading approximately until   : September 18, 2003
Want support for potato approx. until: May 27, 2003

In general it seems that many Debian administrators would rather like
to stay with the old stable release before upgrading, for about one
year after a new stable version has been released.  This places a
heavy burdon on the security team which has to support the old stable
distribution for one year.  This means, supporting two distributions
(including all architectures) for one year after a new stable
distribution has been released.


I will probably continue to support potato with security updates at
least until end of June 2003 and I hope that the other members of the
Security Team will do the same.  This means that we support potato for
additional 12 months after the release of woody, which is much more
than users can expect from a group of volunteers who only work on the
system for the sake of it.

However, since investigating, correcting and fixing packages for two
entirely different code bases needs to be done, supporting woody and
potato is very time consuming and you should not expect security
updates for potato after the end of June 2003.  You should have
upgraded to woody anyway.



Life is too short to run proprietary software.  -- Bdale Garbee

Attachment: pgpgKbpKFKRGg.pgp
Description: PGP signature

Reply to: