
Re: ISP asking about switching to Debian from OpenBSD



On Tue, Nov 20, 2001 at 03:49:28PM -0800, nate wrote:
> I can think of one (IMO) glaring security problem in Debian,
> that is the (now almost a year old) DoS attack against the
> OpenBSD ftpd port in Debian potato. I've reported it to
> multiple places (including the security list) but never got
> a reply.

I've prodded security@d.o again to remind the relevant people that
something needs to be done.

> Biggest con to Debian is the near immediate abandonment
> of "stable" releases once a new "stable" release comes
> out. E.g. security/other fixes are not backported to
> the previous stable release. Other vendors like
> Red Hat, SuSE, Sun, etc. (not sure about the BSDs) typically
> backport their security fixes (at least) to the previous
> 2-3 stable releases. I wish Debian would maintain that,
> at least backporting security fixes (never mind the rest)
> 1 stable release.

This is basically just a question of lack of volunteer time and
interest, coupled with the long release cycle that means a lot of
developers shudder at the thought of trying to keep the ancient
monstrosity that was the last-but-one release up to date.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


