Hi,

I would like to state at the outset that I am not the person that this Jonathan Walther replied to, but I did read that posting and knew I would be following it with interest.

On Thu, Sep 28, 2000 at 12:01:03PM -0700, Jonathan Walther wrote:
> If you want us to support security, perhaps you
> could propose some incentive? We are all volunteers
> here at Debian, interested in putting out a quality
> distribution. Your time is limited, otherwise I'm sure
> you too would love to fix and upgrade your distribution
> from source. But our time is also limited, and we want
> the most bang for buck out of it. That means not fighting
> the current of progress, and keeping up with new versions
> of software.
>

I am a Debian Developer wanna be -- currently going through the processes. I am also in the lucky position now of Debian being the _only_ OS I use. So here I can see both sides of the argument. Developers only want to work on the *new* and exciting stuff. Users want a stable and secure OS.

At work I upgraded to potato way too early; because I wanted one of the cool new features of one of the packages -- I forget which now. This was a mistake, I spent far too much time updating the systems trying to get it to a stable state.

> If security updates are of concern to you, perhaps you
> could get your company to pay some Debian maintainers to
> work on the old distribution. If you have the time,
> perhaps you would like to volunteer to do some of that
> maintainership yours.
>

Security issues should be of concern to everyone. As we spend more and more of our time online (both at work and at home) so the need to be secure increases. Here in the UK our government is making moves to make digital signatures legally binding in a court of law. I, therefore, cannot afford to run an OS which isn't secure.

If I had to upgrade to the latest version of unstable Debian to get a needed security fix, that is an unacceptable requirement on me as a user. Would you want to upgrade all your machines to woody when it is in a broken state?

> The distribution we've just released is the culmination
> of 2 years of hard work for us. Try it. You'll like it.
> Unlike many other distributions which require a reinstall
> from scratch, Debian guarantees a reliable upgrade path.
>

The problem is how long do we support obsolete (slink and before) releases? Anyone using Debian needs to find time when it is safe to do the upgrade. If one is nearing the end of an import project, now is not the time to upgrade.

We need to define a reasonable period over which we support both the stable and the obsolete versions. This will give our users time to plan the changeover. Companies or large organisations can then trial the changeover and find out what issues they may encounter. Private or small companies can find an appropriate time to do the change.

It would also be polite to announce when we would be cutting support. Users would then know when they need to act by. Just cutting support is a bit like putting a gun to the user's head and saying upgrade to potato now or suffer.

I believe that six months is a reasonable time frame for overlay support given our 2 year release cycle.

-- 
Steve Dobson steve.dobson@krasnegar.demon.co.uk
I either want less decadence or more chance to participate in it.