[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#468765: Is oldstable security support duration something to be proud of?

Le March 10, 2008 02:56:15 pm Luk Claes, vous avez écrit :
> Filipus Klutiero wrote:
> > Hi,
> > I reported #468765 about a questionable statement on www.debian.org.
> > Frank Lichtenheld wants this to be discussed.
> >
> > This statement is in a security announcement. Martin Schulze confirmed
> > that he wrote the statement. Does the security team think that oldstable
> > security support duration is something to be proud of?
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765
> Why would anyone question if a security support of at *least* 2,5 years
> by volunteers not be something to be proud of?
The sentence does not talk about volunteers. Even if it did, I wouldn't be 
less proud of my contributions to Debian if I was paid for them. And from the 
readers POV, I don't appreciate Debian more because developers are mostly 

I already compared the duration of oldstable support in the bug report, but 
let's look at the total security support duration of each release of other 
free distros if you want. Let's take these 3 which are not too far from 
Debian's quality:
RHEL and derivatives: 7 years
openSUSE: 2 years
Ubuntu: a bit more complex.
	1.5 in general
	LTS releases: 3 on desktop, 5 on server

Debian is somewhat better than openSUSE, equal or slightly worst than Ubuntu 
and definitely worst than RHEL and derivatives. So on average, Debian is 
somewhat worst than its main alternatives in this aspect. IMO one shouldn't 
show off unless being at least a bit above average.

> If people think the duration of the security support is more important
> than the quality of the support, then that question could indeed be
> considered...

That is longer to analyze. As the sentence doesn't specifically refer to that 
and it's more likely to support my point anyway, I'll let you do it if you 
think it supports yours.

Reply to: