Re: Debian breaks commitment to support Lenny until after Wheezy is released
On 15/02/12 14:47, Arcady Genkin wrote:
> On Tue, Feb 14, 2012 at 18:53, Scott Ferguson
> <prettyfly.productions@gmail.com> wrote:
>
>> And subsequently noted that Squeeze was *not* released when
>> anticipated. I presumed that meant the upgrade from Lenny to Wheezy
>> would not be happening. (I'm cynical about release schedules and
>> "skip" upgrades)
>
> I wish we saw this coming, too.
>
>> NOTE: this subject has come up many times on various Debian lists
>> over the last year. I'm truly sorry you've not been aware of it.
>
> We are subscribed to the announcements list, but we don't generally
> monitor any other Debian lists.
My sympathies - be sure that list readers will try and help you, but
there's little more they can do.
Certainly it has been discussed on this list and the www list previously
- though by only monitoring the announce lists you wouldn't know.
Perhaps you should file a bug report with the announce list - it
certainly seems like a reasonable request.
It was widely discussed outside of Debian too:-
http://www.google.com/search?q=lenny+end+of+support&ie=utf-8&oe=utf-8&aq=t&tbs=cdr:1%2Ccd_min%3A6%2F23%2F2009%2Ccd_max%3A1%2F23%2F2012
Apparently the reminders where circulating on Ffffacebook last year...
<snipped>
>
> If Wheezy comes out in Feb 2013,
If. If.
Don't bet the farm on it. I have the greatest confidence in the Debian
teams - mainly to put stability ahead of timetables.
> then Squeeze will become unsupported in Feb 2014, right?
Yes (if)
> Since summer is the only convenient time for us to do an upgrade,
> we'll have to do it in the summer of 2013, which is a year from now.
I can appreciate the inconvenience, I guess you'll have to put that down
to (bitter) experience. We expected Squeeze a lot earlier than it
actually arrived - and we didn't see 3.2x kernels coming either - now we
have the problem of dealing with 2.6x i386 kernels and *not* using 3.2x
kernels for 64-bit (didn't expect that until Wheezy, and no risk
management strategy for it - this is causing a problem as support
contracts bind us to some client developers desires...). In that case it
was forced by an upstream decision. Adapt and overcome [Gaelic shrug] ;-)
<snipped>
> Not according to the announcement I linked to in the original post.
> The promise for extended support for Lenny was worded relative to
> the release date of Wheezy, and not as a certain number of
> additional years.
I'm sorry - I've re-read that several times, I'm tired, and maybe I
misheard - but "support" doesn't seem to be mentioned.
I did link to the "official" support lifetime policy...
>
>> No where in the original announcement was an extended support
>> lifetime for Lenny discussed - only a "skip" upgrade *if* Squeeze
>> was released early.
>
> Quoting from the announcement once again: "To accommodate the needs
> of larger organisations and other users with a long upgrade process,
> the Debian project commits to provide the possibility to skip the
> upcoming release and do a skip-upgrade straight from Debian GNU/Linux
> 5.0 ("Lenny") to Debian GNU/Linux 7.0 (not yet codenamed)."
>
> I don't see any ifs there, it's all worded pretty straight
> forwardly.
In what you are (selectively) quoting - no. I quoted the relevant,
preceding, qualification for a reason :-)
"Since Debian's last release happened on Feb. 14th 2009, there will only
be approximately a one year period until its next release, Debian
GNU/Linux 6.0 (codenamed "Squeeze"). "
The above did *not* happen :-(
Squeeze wasn't released until the second of June (right in the middle of
the busy part of the business year) - *over a year later*
"This *will* be a one-time exception to the two-year policy in order to
get into the new time schedule."
*will* is presumptive, ergo the "one-time" exception *couldn't* take
place. :-/
More importantly - I'm not sure that debating a moot point is helpful to
your predicament - support *has* ended. Perhaps it can be extended[*1] -
at this point in Lenny's lifetime the work involved in maintained
support privately would not be great - several appliance companies do
the same internally for Etch.
[*1]See:-
http://lists.debian.org/debian-devel-announce/2011/01/msg00006.html
for a link to the minutes of the discussions. The Security Team would be
the proper folk to talk to - at least they might tell you why the policy
(one year after the release of stable) is in place.
Perhaps, aside from lobbying for support extensions (which would require
forking existing development resources) you could ask for assistance in
extending support for your needs *and* how to move to Squeeze (belt and
suspenders).
>
> Secondly, do you mean to say that "possibility to skip the upcoming
> release" does not include promise of support?
That was always my "assumption" - please note that I don't speak for the
teams involved - I'm just someone in a similar position to you.
The word "support" does not appear in the reference. I can understand
how some people 'might' infer that support was implied - but that would
require the pre-existing support lifetime policy to be invalid (and the
people concerned can't duplicate their time at will).
> That would be totally ridiculous, especially given that the exception
> is offered with "larger organisations" in mind. Do you mean to say
> that the Debian project was supposing that the larger organisations
> might want to operate without security support for a year or two?!
No - not for a minute. I never read that statement to mean what you
believe it means.
>
>> And I can't account for why you did not know of the Lenny end of
>> support date.
>
> My colleagues from a sibling network were equally surprised. Why
> wouldn't we be if there was no announcement made?
Wrong list I guess - I could search the security lists for "lenny end of
support" but I suspect I'd end up eating my own dog food ;-)
If it was RedHat I'd be (surprised) and jumping up and down. It's Debian
- so I expect that I need to monitor a number of lists to know what's
going on.
The number of lists has grown since I started using Debian (it was only
four lists then) - but the need has not.
Even the "official" announcement of the end of support for Lenny didn't
happen until two days after the fact. The joys of a mostly autonomous
community and a "free" Operating System :-)
I don't know that there is a mechanism in place for ensuring that all
relevant support issues appear in the announcements list. Beyond my ken
I'm afraid.
Might I suggest you subscribe to the security list?
It's *very* useful for other reasons than just this reminder:-
http://lists.debian.org/debian-security-announce/2011/msg00238.html
I hope you find a solution, and that many others have not been caught in
the same situation.
Kind regards
--
Iceweasel/Firefox extensions for finding answers to Debian questions:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/
Reply to: