[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: EOL candidates for security-support-ended.deb10

On Aug 5, 2022 13:39, Emilio Pozuelo Monfort <pochu@debian.org> wrote:
> If things have stabilized, with fewer issues and a more 
> stabilized code, and upstream provides enough information, then I see no reason 
> why we can't support it. 
> Cheers, 
> Emilio 

It really is the case.

At the begining of the project 10 years ago, we had on average of one grave CVE each 2 weeks. Now it's more 2 per year.

Also, as it became more mature, OpenStack has less contributors, so it moves slower. This means codebase between releases changes less, and it is easier to backport.

Also in the past, I had help from upstream (in Nova) for some nasty fixes hard to backport. I do expect help again.

If we take this decision, I'd like to announce it on the openstack-discuss list, so let's make it clear what route we're taking.

Thomas Goirand (zigo)

Reply to: