Re: Dreamhost dumps Debian

To: Russ Allbery <rra@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Dreamhost dumps Debian
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 21 Aug 2013 12:41:09 +0100
Message-id: <[🔎] 21012.42837.594440.318043@chiark.greenend.org.uk>
In-reply-to: <[🔎] 878uzws2nq.fsf@windlord.stanford.edu>
References: <[🔎] 87wqnhpkn3.fsf@jidanni.org> <[🔎] m338q5lbk6.fsf@neo.luffy.cx> <[🔎] 1376942753-sup-2696@fewbar.com> <[🔎] 871u5pmmlf.fsf@windlord.stanford.edu> <[🔎] CAKTje6ECtg-3tOaBa4bZujtwJpXAuth2ui1_25PnmQJ0=7jPng@mail.gmail.com> <[🔎] 878uzws2nq.fsf@windlord.stanford.edu>

Russ Allbery writes ("Re: Dreamhost dumps Debian"):
> Yeah, I know.  But the number of such exceptions is relatively limited,
> enough so that we can issue security advisories saying they're not
> supported any more.  It's not a comfortable compromise, but it seems to be
> a workable one.  The LTS security policy is quite a bit broader in its
> implications.

I think we need to do more than that.  We need to arrange to
automatically disable affected software (by default).  (And that has
to be done in a way that allows an affected user to re-enable it, and
which is sorted out properly on upgrade.)

Ian.

Reply to:

Follow-Ups:
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- Dreamhost dumps Debian
  - From: jidanni@jidanni.org
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Dreamhost dumps Debian
  - From: Russ Allbery <rra@debian.org>
- Re: Dreamhost dumps Debian
  - From: Paul Wise <pabs@debian.org>
- Re: Dreamhost dumps Debian
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Dreamhost dumps Debian
Next by Date: Re: Dreamhost dumps Debian
Previous by thread: Re: Dreamhost dumps Debian
Next by thread: Re: Dreamhost dumps Debian
Index(es):
- Date
- Thread