Bug#468765: Is oldstable security support duration something to be proud of?
Le March 10, 2008 02:56:15 pm Luk Claes, vous avez écrit :
> Filipus Klutiero wrote:
> > Hi,
> > I reported #468765 about a questionable statement on www.debian.org.
> > Frank Lichtenheld wants this to be discussed.
> >
> > This statement is in a security announcement. Martin Schulze confirmed
> > that he wrote the statement. Does the security team think that oldstable
> > security support duration is something to be proud of?
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765
>
> Why would anyone question if a security support of at *least* 2,5 years
> by volunteers not be something to be proud of?
The sentence does not talk about volunteers. Even if it did, I wouldn't be
less proud of my contributions to Debian if I was paid for them. And from the
readers POV, I don't appreciate Debian more because developers are mostly
volunteers.
I already compared the duration of oldstable support in the bug report, but
let's look at the total security support duration of each release of other
free distros if you want. Let's take these 3 which are not too far from
Debian's quality:
RHEL and derivatives: 7 years
openSUSE: 2 years
Ubuntu: a bit more complex.
1.5 in general
LTS releases: 3 on desktop, 5 on server
Debian is somewhat better than openSUSE, equal or slightly worst than Ubuntu
and definitely worst than RHEL and derivatives. So on average, Debian is
somewhat worst than its main alternatives in this aspect. IMO one shouldn't
show off unless being at least a bit above average.
> If people think the duration of the security support is more important
> than the quality of the support, then that question could indeed be
> considered...
That is longer to analyze. As the sentence doesn't specifically refer to that
and it's more likely to support my point anyway, I'll let you do it if you
think it supports yours.
Reply to: