
Re: Security updates realized by new releases, case for backports?



Hello,

On 4 Oct 2013, at 13:39, Demetris Demetriou <mitsosgtir@gmail.com> wrote:

> Hi all,
> long time reader, first time responder.

Me too!

> IMHO this backporting, support of version 0.001 etc. etc. should be dropped. Linux is already the mess it is with all the developer fragmentation. Don't like the way the file menu is? Fork the program and take a couple of the best developers with you, teaching them to hate the people they used to work with and you are done. It's the GPL way!
> 
> Security fixes should NOT be patches affecting old code, but instead a security fix found by someone should be pushed upstream to be incorporated in a newer upstream release. I understand the need to support extremely old versions of software. After all it makes a lot more sense to have 10 developers patching old code so that person X can run Linux on his old Pentium (1) machine, than to spend the 400 euros to get a brand new laptop that's able to run newer software versions. Never mind the used computers available at better prices. Spending your money is always a bad thing, therefore developers should invest their time scratching their head on how to support your outdated software. Do I really need a sarcasm disclaimer in this post? I guess so, since this IS the Facebook generation. This paragraph is pure sarcasm. In no way should developers be forced to maintain old code.
> 
> (…)

I think ArchLinux is made for you! :)


About the initial topic, the problem I see is that Debian may operate both as a desktop or as a server (among other usages), and people usually don't have the same needs for both usages:
* Most people I know who use Debian as a desktop use the testing repositories. They want to be up to date with the newest versions. (For this usage, I personally prefer an Ubuntu desktop.)
* Most people I know (myself included) who use Debian as a server use the stable repositories. They want to have a secure, stable, and almost deterministic system.

For my Debian servers, I personally don't want to have backports pre-configured, because I'm OK with old but very stable versions of apache, php, mysql, unbound, nsd, postfix, dovecot and so on. And I know they won't break or change their behavior throughout the life of the distribution.

I think the reflection on this topic should consider these distinct usages.

Best regards.
Emmanuel Thierry

