[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concerns about Salsa

On Fri, Jun 8, 2018 at 8:31 PM, Russell Stuart wrote:

> I didn't realise Wordpress had an auto-upgrade system.  That put's in
> the same league as the Browsers like Chrome and Firefox.  I'm
> impressed.
> However, it's not the same service that Debian offers.  Wordpress has
> an auto upgrade system to the new version.

In the uses where I've had to deal with Wordpress and other web cruft
I got the impression that the "latest version" upgrade system was
generally preferred. I don't recall any issues with plugins on upgrade
either. Perhaps others had to deal with that. I know the Firefox XUL
to WebExtension transition is going to be hell, at least for me.

> The difference between the two is pretty obvious to the person paying
> the bills.  I suspect that is the real reason Debian, a project that
> has no income to speak of, somehow manages to have all the
> infrastructure it does - 60TB servers for snapshots, a mirror network
> and CDN, LWN subscriptions, free venues for its conferences and I
> suspect lots other things.  I don't know of another open source project
> that gets even remotely close to this level of support.  It would be
> downright peculiar, if it weren't for the fact that the value of the
> service Debian provides can be judged by RedHat's turnover, which is
> about $3 Billion/year.  For the firms throwing the occasional piece of
> chump change Debian's way it must look like the bargain of the century.

Debian actually gets a reasonable amount of income from DebConf each
year (but miniscule compared to RH of course). All the things you
mention (except venues for some DebConf years) are donated by our
sponsors and partners. We don't really attempt to determine the
financial value of these donations but I agree they are quite
significant. OTOH I think that other distros like FreeBSD get probably
similar levels of donations.

BTW, thanks for putting the value of Debian into perspective in this paragraph.

> Is there some public proxy measure for this?  For example, the number
> of outstanding CVE's, or average days it takes for a CVE to get fixed?

The statistics page lists one page for security statistics:


Unfortunately it is out of date (probably since the git transition)
and doesn't seem to include the info you want.



Reply to: