Re: Outrage at Debian dropping security for 2.1

On Thu, Sep 28, 2000 at 23:36:37 -0500 (+0000), Branden Robinson wrote:
> It was pointed out to me today that perhaps Mr. Peacock did not release
> that Debian 2.1, a.k.a "slink", is *not* the currently released version of
> the Debian system.
> Does Mr. Peacock expect Debian to provide security updates for Debian 2.0,
> 1.3, 1.2, or 1.1?  Does he expect, say, Red Hat, to provide security
> updates for 6.0?  How about 5.0?  4.2?  1.0?

For important packages I'd say leave it _at least_ a year before stopping
security fixes for important programs (such as *ftpd but _not_ quake).

In the commercial (apologies for using that word) world, yes you do still
get support.  Look at IBM and OS/2 - and how long some products have to
support that (5 years?).

Users should upgrade when they want to, not due to lack of security fixes.

OTOH I remember a "request for comments" going out on this subject, and I
must admit that I didn't comment then.

I think one way to manage this is to get a more automated build system.  How
about trying to work around to only having packages compiled on build boxes
- maintainers can only upload diffs and tarballs?

Then by uploading a patch, some automation might be possible and most
certainly the amount of effort taken would be reduced - just upload the
changes and watch all platforms get recompiled automatically....


Email: adrian.bridgett@iname.com
Windows NT - Unix in beta-testing. GPG/PGP keys available on public key servers
Debian GNU/Linux  -*-  By professionals for professionals  -*-  www.debian.org
