
Re: Outrage at Debian dropping security for 2.1

On Sat, 30 Sep 2000, Steve Dobson wrote:

> Users want a stable and secure OS.

Debian comes with no warranty of fitness or otherwise.
If you break it, you get to keep both pieces.

> If I had to upgrade to the latest version of unstable Debian 
> to get a needed security fix that is an unacceptable 
> requirement on me as a user. 

Nobody is saying that at _all_.  What is being said is:

Debian's volunteers and energy will be spent on Stable, which is currently
Potato.  If you have a production system running something older, support
is something you might want to think about, it isn't a priority for the
developers, since it's now obsolete, replaced, _OLD_ software.

You have the source, you have the tools. If you don't have the
time/money/knowledge/resources to maintain a production system running
something old, then upgrade.  If you do have any/all of these, stick to
running Slink/etc.  Debian comes with no warranty and the security team
has decided it's time to move on.

> We need to define a reasonable period over which we support
> both the stable and the obsolete versions. 

No, 'we' don't.  The security team does.  If they truly made a decision
that 'Debian' as a whole disagreed with, then someone will ask for a vote
on it, or other remedy.  But I doubt it.

> I believe that six months is a reasonable time frame 
> for overlay support given our 2 year release cycle.

Ok, congratulations.  You want to volunteer to maintain Slink for 6
months?  Go for it.  You have the sources, you have the tools.  You will
even have some of the knowledge, because as security issues are
discovered, people will typically issue patches.  Apply them, and have
fun.  Maybe someone will pay you to do it.  Maybe not.  Maybe someone else
will volunteer time.  Maybe you will do it 'officially,' probably not.

Red Hat charges for support.  Red Hat charges for the 'official'
software.  Red Hat sells contracts, and pays employees to work on things.
Debian is not Red Hat, and shouldn't be held to the same standards.

If you want to start a company up, maybe ODORS inc. (Organized Debian
Obsolete Release Support), have at it.  You might be able to make some
money at it.  I don't think it will be a fun job, but that's why you get
paid for it.
