Re: Security support proposed workflow for the very-old-stable
On 08/20/2013 11:44 PM, Adam Borowski wrote:
> On Tue, Aug 20, 2013 at 09:33:52PM +0200, Thomas Goirand wrote:
>> My initial idea wasn't to never *impose* the extended security
>> maintenance to all DDs. Instead, we could do it on a best-effort basis,
>> collectively. Meaning that anyone willing to do security fixes for the
>> EOL distribution (one year after stable is released) could do so through
>> a special repository. [...]
>> This effort could be done experimentally to start with, through a
>> non-official debian.net repository, when Squeeze will be EOL. Then if it
>> works well for the next 2 years after Squeeze is EOL, then probably we
>> can make it a bit more official.
> There's a practical consideration from starting with mostly-official:
> old systems won't configure themselves to use your repository, and in the
> real world, they don't even care about such details like no security
> support. The box does still work? It can stay.
> Thus it might be good to host the best-effort repository on, or 302ed from,
> http://security.debian.org/ squeeze/updates
I agree, though this needs the FTP masters and security team to be
involved, and probably some infrastructure change too. Which might not
be practical. Of course, any of the parties involved can jump in this
thread and tell they want to do it... Though if they don't, I don't see
any other way we could do it.