On Tue, Oct 23, 2018, 6:17 AM Martin Zobel-Helas <[email protected]> wrote:
> David, > > Also from a user’s perspective i would like to hear your feedback on the > mail I wrote earlier today to the cloud list... Be aware that none of the > timeline in this mail is written into stone yet. It is just a proposal. > > Best regards, > Martin > > Am 23.10.2018 um 13:14 schrieb Martin Zobel-Helas <[email protected]>: > > Hi David, > > My understanding is that removing the images from the vendors market > places is to make the images less easy discoverable and to discourage users > from spinning new instances from an old image type. I don’t know the exact > details for AWS but my guess is those AMI IDs will NOT remain indefinitely > but at least longer. > > Also be aware that we will release Debian Buster hopefully in the middle > of next year. Maybe it is time to switch away from Debian Jessie at one > point... Rather sooner than later... > > Best regards, > Martin > > Am 23.10.2018 um 12:51 schrieb David Osborne <[email protected]>: > > Thank you... so the amis themselves should remain indefinitely? > -- > David > > On Tue, 23 Oct 2018 at 11:47, Martin Zobel-Helas <[email protected]> wrote: > >> >> >> From my understanding Noah only removed the links from the market place, >> but did not remove the images from the storage. This means by knowing the >> image AMI IDs you should still be able to rebuild your images on top of our >> Debian images. >> >> Best regards, >> Martin >> > > Are people saying that LTS is doing a poor job of security updates? Because I was just noticing that CVE-2017-14062 for libidn11 (not to be confused with the more popular linidn2) fixed in 1.29-1+deb8u3 on jessie lts but not in 1.33-1 (the current version) on stretch. So I frankly have no idea where these "concerns were raised by several of the cloud platforms people that LTS security doesn't seem to be working very well" are coming from.
