
# of supported packages (was Re: Is oldstable security support duration something to be proud of?)



On March 10, 2008 04:43:30 pm, you wrote:
> On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote:
> > On March 10, 2008 02:56:15 pm Luk Claes, you wrote:
> > > Filipus Klutiero wrote:
> > > > Hi,
> > > > I reported #468765 about a questionable statement on www.debian.org.
> > > > Frank Lichtenheld wants this to be discussed.
> > > >
> > > > This statement is in a security announcement. Martin Schulze
> > > > confirmed that he wrote the statement. Does the security team think
> > > > that oldstable security support duration is something to be proud of?
> > > >
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765
> > >
> > > Why would anyone question if a security support of at *least* 2,5 years
> > > by volunteers not be something to be proud of?
> >
> > The sentence does not talk about volunteers. Even if it did, I wouldn't
> > be less proud of my contributions to Debian if I was paid for them. And
> > from the readers' POV, I don't appreciate Debian more because developers
> > are mostly volunteers.
> >
> > I already compared the duration of oldstable support in the bug report,
> > but let's look at the total security support duration of each release of
> > other free distros if you want. Let's take these 3 which are not too far
> > from Debian's quality:
> > RHEL and derivatives: 7 years
> > openSUSE: 2 years
> > Ubuntu: a bit more complex.
> > 	1.5 in general
> > 	LTS releases: 3 on desktop, 5 on server
> >
> > Debian is somewhat better than openSUSE, equal or slightly worse than
> > Ubuntu and definitely worse than RHEL and derivatives. So on average,
> > Debian is somewhat worse than its main alternatives in this aspect.
>
> How about in # of packages we support? Does that bump us up at all in
> your pissing contest? There are many characteristics of security
> support (breadth, turnaround, stability, etc) - and different
> characteristics appeal to different users. We don't have to be proud
> that our N isn't as long as someone else's N, but we can certainly be
> proud to have honored the commitment we made to our users.
>
> Using # of years of support as a measurement of "goodness" is as silly
> as using # of advisories as a measurement of an OS's "secureness".

For the good of everyone who would still be following, let me quote the 
sentence again:
> The Debian project is proud to be able to support its old
> distribution for such a long time and even for one year after a new version
> has been released.

This sentence specifically talks about the duration of security support. 
Obviously there are other aspects of security support, but the sentence 
doesn't talk about that, and it's not clear that Debian's security support 
quality would be superior to others.

Regarding the "pissing contest", as you say, 
who's starting a pissing contest here:
A) "I'm proud of my 15 cm machine."
B) "Better keep it for yourself, because that's the average."

I don't think that B is worse than A. In any case, I don't even use a 
distribution other than Debian, let alone being responsible for its security, 
so this is *not* a pissing contest.

