On Thu, 2012-10-11 at 21:45 +0200, Simon Josefsson wrote: > IMHO, supporting an OS release for only 3 years is not long enough. I think that such very-long-term security support is quite an illusion. Of course, problems found get then back-ported,... but software changes so rapidly while usually the quite recent versions are tested/analysed... so it's questionable whether issues in very old versions will ever be found (be the good guys), simply because they are no longer that intensively looked at. No to speak about all issues that get silently closed, simply because no one ever notices that there was actually a problem. So IMHO, the older software gets, the less security support can be provided. Personally I think the 3 years are fine. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature