
Re: Security updates realized by new releases, case for backports?



On 04-10-13 14:16, Emmanuel Thierry wrote:
> 
> Hello,
> 
> On 4 Oct. 2013 at 13:39, Demetris Demetriou <mitsosgtir@gmail.com>
> wrote:
> 
>> Hi all, long time reader, first time responder.
> 
> Me too!
> 
>> IMHO this backporting, support of version 0.001 etc. etc. should be
>> dropped. Linux is already the mess it is with all the developer
>> fragmentation. Don't like the way the file menu is? Fork the
>> program and take a couple of the best developers with you, teaching
>> them to hate the people they used to work with and you are done.
>> It's the GPL way!
>> 
>> Security fixes should NOT be patches affecting old code, but
>> instead a security fix found by someone should be pushed upstream
>> to be incorporated in a newer upstream release. I understand the
>> need to support extremely old versions of software. After all it
>> makes a lot more sense to have 10 developers patching old code so
>> that person X can run Linux on his old Pentium (1) machine, than to
>> spend the 400 euros to get a brand new laptop that's able to run
>> newer software versions. Never mind the used computers available at
>> better prices. Spending your money is always a bad thing, therefore
>> developers should invest their time scratching their head on how to
>> support your outdated software. Do I really need a sarcasm
>> disclaimer in this post? I guess so, since this IS the facebook
>> generation. This paragraph is pure sarcasm. In no way should
>> developers be forced to maintain old code.
>> 
>> (…)
> 
> I think ArchLinux is made for you! :)
> 
> 
> About the initial topic, the problem I see is that Debian may operate
> either as a desktop or as a server (among other usages), and people
> usually don't have the same needs for both usages:
> * Most of the people I know who use Debian as a desktop use the
>   testing repositories. They want to be up to date with the newest
>   versions. (For this usage, I personally prefer an Ubuntu desktop.)
> * Most of the people I know (me too) who use Debian as a server use
>   the stable repositories. They want to have a secure, stable, and
>   almost deterministic system. For my Debian servers, I personally
>   don't want to have backports pre-configured, because I'm OK with
>   old but very stable versions of apache, php, mysql, unbound, nsd,
>   postfix, dovecot and so on. And I know it won't break or change
>   its behavior throughout the life of the distribution.

My opinion about server use is the same, but I also like stable on
desktops.

Backports is not used by default. You get a backport only when you
explicitly ask for it. Something like:

    apt-get -t squeeze-backports install ...

See: http://backports.debian.org/Instructions/

An exception is when a package is only available in backports, or when a
package from backports is installed (then you get upgrades from
backports for that package).

You will never get e.g. a new Apache from backports when you don't want it.

With regards,
Paul van der Vlis.

> I think the reflection about this topic should consider these distinct
> usages.
> 
> Best regards. Emmanuel Thierry
> 
> 





-- 
Paul van der Vlis, Linux system administration, Groningen
http://www.vandervlis.nl/
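
The selection behaviour described in the message above, as an added example that is not part of the original mail or of APT's code: a simplified Python model of how APT picks a candidate version. It assumes the apt_preferences(5) defaults (500 for a normal archive, 100 for a backports archive marked NotAutomatic and ButAutomaticUpgrades, 100 for the installed version, 990 for a release chosen with -t); the package versions are constructed and compared as plain tuples, not with real Debian version ordering.

```python
from typing import NamedTuple, Optional

# Default pin priorities per apt_preferences(5); assumed for this model.
STABLE, BACKPORTS, INSTALLED, TARGET = 500, 100, 100, 990

class Version(NamedTuple):
    number: tuple   # simplified version, e.g. (2, 2, 16); not real Debian ordering
    origin: str
    priority: int

def candidate(available, installed: Optional[tuple] = None) -> Optional[Version]:
    """Return the version APT would select as install/upgrade candidate."""
    pool = list(available)
    if installed is not None:
        pool.append(Version(installed, "installed", INSTALLED))
        # Rule 1: never downgrade unless the priority exceeds 1000.
        pool = [v for v in pool if v.number >= installed or v.priority > 1000]
    if not pool:
        return None
    # Rule 2: highest priority wins; rule 3: ties go to the newest version.
    return max(pool, key=lambda v: (v.priority, v.number))

def with_target(available, release: str):
    """Model 'apt-get -t <release>': that release is raised to priority 990."""
    return [v._replace(priority=TARGET) if v.origin == release else v
            for v in available]

# Constructed sample data: one package in both archives, one only in backports.
BOTH = [Version((2, 2, 16), "squeeze", STABLE),
        Version((2, 4, 6), "squeeze-backports", BACKPORTS)]
ONLY_BPO = [Version((1, 0), "squeeze-backports", BACKPORTS)]

def scenarios() -> dict:
    """Origin of the candidate in each case the message walks through."""
    return {
        "not installed": candidate(BOTH).origin,
        "installed from stable": candidate(BOTH, installed=(2, 2, 16)).origin,
        "installed from backports": candidate(BOTH, installed=(2, 4, 1)).origin,
        "only in backports": candidate(ONLY_BPO).origin,
        "-t squeeze-backports": candidate(
            with_target(BOTH, "squeeze-backports")).origin,
    }

if __name__ == "__main__":
    for case, origin in scenarios().items():
        print(f"{case:26} -> {origin}")
```

On a real system, `apt-cache policy <package>` shows the priorities and the candidate APT actually computes.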

