Upstream kernel maintenance lifetime for bookworm and trixie

To: Debian release team <debian-release@lists.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Cc: Debian kernel maintainers <debian-kernel@lists.debian.org>
Subject: Upstream kernel maintenance lifetime for bookworm and trixie
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 30 May 2025 00:28:16 +0200
Message-id: <[🔎] 27fad00664325fc191c8970f5d1cd6e7c2c5c82e.camel@decadent.org.uk>

Hello release and LTS teams,

Starting with Debian 6.0, we've used longterm stable branches of Linux
that were maintained upstream for 5-6 years.  The kernel packages in
these Debian releases have thus benefitted from upstream security
support (and other bug fixes) for their entire support lifetime.

This may not hold for Linux 6.1 (bookworm) or 6.12 (trixie).

Longterm stable branches
========================

Since the Linux 5.10 branch, the "projected EOL" for each longterm
stable branch shown at <https://www.kernel.org/category/releases.html>
has been set at December 2026, progressively reducing their lifetime to
2 years.

However, as the FAQ on that page states, "The "projected EOL" dates are
not set in stone", and the EOL for 6.1 has already been pushed back to
December 2027 (close to the end of bookworm LTS).  The kernel team is
hopeful that we can work with the upstream stable maintainers to extend
the lifetimes of 6.1 and 6.12 to cover the respective Debian releases.

But there is still the possibility that we may lose upstream security
support during the bookworm LTS period, and during trixie regular
support or LTS.  We would then need to do one of:

1. Maintain our own kernel branch with backported security fixes. This
is a lot of work, but could possibly be shared with Civil Infrastructure
Platform (CIP) or other distribution(s).
2. Switch to a newer longterm stable branch.

This mail is just to make you aware of this possibility.  We'll let you
know if we think that we are actually going to lose upstream support and
need to take one of those actions.

Real-time stable branches
=========================

Until recently, the real-time (PREEMPT_RT) kernel configuration required
a large number of patches to the mainline kernel.  There are separate
stable branches that include these patches, and separate maintainers for
those branches.  They have decided not to follow any extensions of the
EOL of the corresponding longterm stable branches.  (I don't see any
announcement of this on the mailing list, but see
<https://youtu.be/P0FZhs2ghOk?t=676>.)

This means that we may have to drop security support for these kernel
configurations, or entirely remove them if the patch series conflicts
with later changes to the corresponding longterm stable branch.  This is
more of a risk for bookworm than trixie, because the patches needed for
6.12 are much smaller.

On behalf of the kernel team,
Ben.

-- 
Ben Hutchings
Man invented language to satisfy his deep need to complain.
                                                          - Lily Tomlin

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Re: krb5 review
Next by Date: Re: How much no-dsa is too much no-dsa?
Previous by thread: Re: How much no-dsa is too much no-dsa?
Next by thread: Debian LTS and ELTS report for May 2025
Index(es):
- Date
- Thread