[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

 ❦  1 novembre 2015 23:22 +0100, Moritz Muehlenhoff <jmm@debian.org> :

> Security support for elasticsearch in jessie is hereby discontinued. The
> project no longer releases information on fixed security issues which
> allow backporting them to released versions of Debian and actively
> discourages from doing so.
> elasticsearch will also be removed from Debian stretch (the next stable
> Debian release), but will continue to remain in unstable and available
> in jessie-backports.

There are many tradeoffs recently with projects that do not want to
provide a sensible security track for stable releases:

 - always package the latest release (Chromium)
 - always package the latest release of an upstream stable branch (MySQL)
 - always package the latest release through backports (without using testing)

I suppose that the first two options are to be negotiated with the
release team. Is the last option open to any package or does it need to
be negotiated with the FTP masters?
Make input easy to prepare and output self-explanatory.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to: