[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: End of life for Sarge

On Wed, 13 Feb 2008, Stephen Gran wrote:

> > Thank you for the announcement.
> > Will this become effective immediately ?
> What this announcement means is that volatile.debian.org has stopped
> supporting sarge.  Regular security support from security.debian.org
> will continue as before. 

OK, but since e.g. clamav or spamassassin are 'frozen in sarge' and
after having installed newer versions via volatile to keep them
usable, the next security-fix (without volatile) means downgrading
to the last sarge-frozen package.
So after next security-problem (by the way just a day or two ago
clamav announced such a fix) you'll be simply FORCED to upgrade to
etch or loose functionality i.e the virus-scanner-engine.

Wasn't such a situation just the definition of a 'CATCH22'?
Without 'etch' you're lost for security-reasons either way,
either you'll compromise the server by keeping insecure software,
or the users by insecure working of the older software.

So the question, 'when is the exact deadline' might be VERY
interesting (it might even come to late for clamav though,
I just dropped clamav from the old sarge server and have to use
another filter -- just luck, that we have one)...


Reply to: