> > Who said we cannot properly maintain this stuff? And where do you > > think our expected level of quality (whatever that is) will not be > > reached? > > In the year 2018, any kind of "properly maintain" includes security > support.
Indeed it does, but not necessarily the way we handle it now. > Please elaborate how Debian can provide security support for > packages > like gitlab and all their dependencies in buster until mid-2022. > > If Debian cannot provide security support for the lifetime of a > stable > Debian release, it is better for our users when they are installing > the > software from upstream with the security support provided by > upstream. Maybe you answered your question yourself. How about we tie our security support to upstream's? Instead of fixing and backporting ourselves we promise our users that this section of the archive will get upstream's latest fixes even if that means the version number changes. This way the users would get a lot of benefits from using Debian but no drawback compared to the self-installed alternative. Michael -- Michael Meskes Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) Meskes at (Debian|Postgresql) dot Org Jabber: michael at xmpp dot meskes dot org VfL Borussia! Força Barça! SF 49ers! Use Debian GNU/Linux, PostgreSQL