[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Outrage at Debian dropping security for 2.1

Branden Robinson:

> Does Mr. Peacock expect Debian to provide security updates for Debian 2.0,
> 1.3, 1.2, or 1.1?  Does he expect, say, Red Hat, to provide security
> updates for 6.0?  How about 5.0?  4.2?  1.0?

> If someone is willing to maintain reliable, net-accessible slink, hamm, bo,
> rex, and buzz boxen for all architectures supported by those releases, then
> perhaps we can do what Mr. Peacock expects.  Otherwise...

A few of us discussed this last night at our LUG meeting, and the obvious
answer is that since the security fixes tend include source changes,
someone can always grab the source for the 'security' fix from the later
version and rebuild the package.  Yes, some libraries etc might need to be
changed, and this isn't 100% but anyone who is sticking with Slink for
production purposes should be able to use Potato fixes in many cases.

In the rare cases where things don't work, I'd bet if someone posted a
request for a Slink package version of a new security fix, saying clearly 
that the existing Potato package didn't work, someone would repackage it
to fit.

In another vein, this clearly could be support revenue for someone
interested.  Supporting older Debian releases could be very lucrative for
the right person(s).  Maybe Debian's normal volunteer security team isn't
interested, but someone might be if the price was right.

Seth Cohn

Reply to: