Re: Security support proposed workflow for the very-old-stable (was: Dreamhost dumps Debian)

To: debian-devel@lists.debian.org
Subject: Re: Security support proposed workflow for the very-old-stable (was: Dreamhost dumps Debian)
From: Adam Borowski <kilobyte@angband.pl>
Date: Tue, 20 Aug 2013 23:44:10 +0200
Message-id: <[🔎] 20130820214410.GB9078@angband.pl>
In-reply-to: <[🔎] 5213C4A0.9000201@debian.org>
References: <[🔎] 87wqnhpkn3.fsf@jidanni.org> <[🔎] m338q5lbk6.fsf@neo.luffy.cx> <[🔎] 1376942753-sup-2696@fewbar.com> <[🔎] m3y57xjsg6.fsf@neo.luffy.cx> <[🔎] CANTw=MPS7nStpVOP+nwmZMZ68Vi6w1_X9uVzX7G8oajVe_Bt=g@mail.gmail.com> <[🔎] 20130820104618.GB15342@virgil.dodds.net> <[🔎] CAKcBokvuuYJL3ggibfjjx2_2WUc+q0tbO+GsKgXQ9axQLxxk9Q@mail.gmail.com> <[🔎] 1377011275-sup-1973@fewbar.com> <[🔎] 5213C4A0.9000201@debian.org>

On Tue, Aug 20, 2013 at 09:33:52PM +0200, Thomas Goirand wrote:
> My initial idea wasn't to never *impose* the extended security
> maintenance to all DDs. Instead, we could do it on a best-effort basis,
> collectively. Meaning that anyone willing to do security fixes for the
> EOL distribution (one year after stable is released) could do so through
> a special repository. [...]
> 
> This effort could be done experimentally to start with, through a
> non-official debian.net repository, when Squeeze will be EOL. Then if it
> works well for the next 2 years after Squeeze is EOL, then probably we
> can make it a bit more official.

There's a practical consideration from starting with mostly-official:
old systems won't configure themselves to use your repository, and in the
real world, they don't even care about such details like no security
support.  The box does still work?  It can stay.

Thus it might be good to host the best-effort repository on, or 302ed from,
http://security.debian.org/ squeeze/updates

-- 
ᛊᚨᚾᛁᛏᚣ᛫ᛁᛊ᛫ᚠᛟᚱ᛫ᚦᛖ᛫ᚹᛖᚨᚲ

Reply to:

Follow-Ups:
- Re: Security support proposed workflow for the very-old-stable
  - From: Thomas Goirand <zigo@debian.org>

References:
- Dreamhost dumps Debian
  - From: jidanni@jidanni.org
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Dreamhost dumps Debian
  - From: Steve Langasek <vorlon@debian.org>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Security support proposed workflow for the very-old-stable (was: Dreamhost dumps Debian)
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: Bug#720202: ITP: qreator -- utility for creating QR codes
Next by Date: Re: overriding udev rules
Previous by thread: Re: Security support proposed workflow for the very-old-stable (was: Dreamhost dumps Debian)
Next by thread: Re: Security support proposed workflow for the very-old-stable
Index(es):
- Date
- Thread