Re: Extended Long Term Support for Wheezy, CIP
On Thu, Feb 22, 2018 at 02:57:07PM +0100, Raphael Hertzog wrote:
> Hello,
>
> On Tue, 20 Feb 2018, Moritz Mühlenhoff wrote:
> > LTS has a clearly defined scope, while this is essentially contracting
> > work to extend the life time of some packages for some customers.
> >
> > I don't see a compelling reason for it to run on Debian infrastructure.
>
> This was also my first feeling but if you include the CIP into
> the picture, you can conceive this as a first step into a new direction.
> Let me explain at the end.
>
> But assuming that we keep updates hosted on some debian.org host, do you
> think it's OK to continue to use the security tracker to track
> vulnerabilities in wheezy?
>
> On Tue, 20 Feb 2018, Joerg Jaspert wrote:
> > If this would be "just" extending the current LTS ways for more time,
> > then it would be OKish to stay on donated, voluntarily managed,
> > infrastructure. After all it helps all users of wheezy with updates,
> > nominally over all of wheezy.
> >
> > But the proposal is effectively just for a benefit of a few paying
> > customers, with a very selected set of packages and architectures, all
> > the rest lost out. Thats not ok to ask volunteers to support, nor
> > is it ok to use projects infrastructure for. The companies that want it,
> > should run it.
>
> Just to clarify, the set of packages/architectures supported is
> effectively selected by the sponsors, but the resulting work is
> made available to all.
>
> On Thu, 22 Feb 2018, Philip Hands wrote:
> > I'm in favour of making it possible for our users to build structures
> > that enable longer support periods if that's what they require. There
> > would seem to be a need for an OS that would have support measured in
> > decades rather than years, and we should not get in the way of Debian
> > being that OS.
>
> Indeed. And it's the reason why I mentionned CIP in my initial mail. They
> are not interested in longer support for wheezy (too early for them) but
> they are interested in working with us and helping us to make this
> possible as part of Debian. One of the persons I am in contact with
> mentioned that CIP members could (at some point) contribute security
> updates within Debian.
>
> Looking a bit further, I see a way forward where we have the security
> team (first 3 years), the LTS team (next 2 years), CIP members (next 10
> years) taking over the charge of security updates for a given release.
>
> And indeed if we prepare the infrastructure for this by finding a way
> to host the updates for wheezy for longer than expected, we pave the
> way for CIP to take over security maintenance of our old releases.
>
> > I would however suggest that it should not be part of the normal mirror
> > area, since:
>
> Ack on all this. That's why I suggested to keep only the part on
> security.debian.org and drop the part on the main mirror.
> But we can also consider setting up slts.debian.org (Super Long Term
> Maintenance) and move wheezy entirely over there.
>
> Could this be a new DAK install managed by ftp-masters that would
> be continued to be signed with the official wheezy key? Otherwise
> it will be harder for users to transition if they have to install
> a new key. Or is there a way to let another team manage the repository and
> still get official signatures of the repositories?
>
> Cheers,
> --
> Raphaël Hertzog ??? Debian Developer
>
> Support Debian LTS: https://www.freexian.com/services/debian-lts.html
> Learn to master Debian: https://debian-handbook.info/get/
>
But what is "CIP"?
My websearch did bring up "Clean In Place" and "Christelijk Intromatie Platform" ...
Groeten
Geert Stappers
--
Leven en laten leven
Reply to: