
Re: Debian security support for older versions



On Fri, Feb 28, 2003 at 11:48:28AM +0200, Johann Spies wrote:
> The article "New Linux support policies are ominous" by Jon Lasser,
> Security Focus Online at
> http://www.theregister.co.uk/content/61/29330.html is disturbing. It
> highlights new support policies from Mandrake and Redhat that are bad
> for the reputation of Linux in the industry.  There is also a
> reference to Debian in it which underlines the author's concern.

This article has already been discussed on debian-security (IIRC).
Note that the author's comments refer to the release of potato, not
woody.

I notice the author doesn't lambast Microsoft and other commercial
vendors for not supporting outdated versions of their software.  I
wonder why not?

> What exactly is Debian's policy regarding security support for older
> versions?  I know there is still support for potato, but for how long?

Again IIRC (I'm too lazy to look it up; feel free to do the
research) debian has said they will support potato for one year, which
is until July 2003.
 
> What are the opinions of users of this list about the issue?

1) Using old[1] software is probably not the best security stance.

2) debian upgrades are relatively painless[2], especially compared to
other distributions.  Thus the cost of upgrading is diminished.

3) I see a commercial opportunity for third parties here.  If there
really is a massive demand for support of old RedHat/Mandrake/SuSE/
debian/whatever releases, someone should download the source, start
backporting bugfixes, determine a suitable fee, and advertise their
service.  If people would rather upgrade than pay ... well, I guess
that upgrade wasn't so expensive after all, was it?

Note that it is impossible for third parties to support old software
that is not open source.

[1] old as in ancient, as opposed to old as in stable[3]

[2] If there is pain, it is almost always documented!  RTFM of course.

[3] as in debian stable :-)

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  We're sysadmins. To us, data is a protocol-overhead.


