
Re: (seemingly) declining bug report numbers



On Thu, 2012-10-11 at 21:45 +0200, Simon Josefsson wrote:
> IMHO, supporting an OS release for only 3 years is not long enough.

I think that such very-long-term security support is quite an illusion.

Of course, problems found then get back-ported,... but software changes
so rapidly while usually the quite recent versions are
tested/analysed... so it's questionable whether issues in very old
versions will ever be found (by the good guys), simply because they are
no longer that intensively looked at.

Not to speak about all issues that get silently closed, simply because no
one ever notices that there was actually a problem.


So IMHO, the older software gets, the less security support can be
provided. Personally I think the 3 years are fine.


Cheers,
Chris.
