Re: Outrage at Debian dropping security for 2.1
On Thu, Sep 28, 2000 at 23:36:37 -0500 (+0000), Branden Robinson wrote:
> It was pointed out to me today that perhaps Mr. Peacock did not realize
> that Debian 2.1, a.k.a. "slink", is *not* the currently released version of
> the Debian system.
> Does Mr. Peacock expect Debian to provide security updates for Debian 2.0,
> 1.3, 1.2, or 1.1? Does he expect, say, Red Hat, to provide security
> updates for 6.0? How about 5.0? 4.2? 1.0?
For important packages I'd say leave it _at least_ a year before stopping
security fixes for important programs (such as *ftpd but _not_ quake).

In the commercial (apologies for using that word) world, yes you do still
get support. Look at IBM and OS/2 - and how long some products have to
support that (5 years?).

Users should upgrade when they want to, not due to lack of security fixes.

OTOH I remember a "request for comments" going out on this subject, and I
must admit that I didn't comment then.

I think one way to manage this is to get a more automated build system. How
about trying to work around to only having packages compiled on build boxes
- maintainers can only upload diffs and tarballs?

Then by uploading a patch, some automation might be possible and most
certainly the amount of effort taken would be reduced - just upload the
changes and watch all platforms get recompiled automatically....
Windows NT - Unix in beta-testing. GPG/PGP keys available on public key servers
Debian GNU/Linux -*- By professionals for professionals -*- www.debian.org