> > Who said we cannot properly maintain this stuff? And where do you
> > think our expected level of quality (whatever that is) will not be
> > reached?
> In the year 2018, any kind of "properly maintain" includes security
Indeed it does, but not necessarily the way we handle it now.
> Please elaborate how Debian can provide security support for
> like gitlab and all their dependencies in buster until mid-2022.
> If Debian cannot provide security support for the lifetime of a
> Debian release, it is better for our users when they are installing
> software from upstream with the security support provided by
Maybe you answered your question yourself. How about we tie our
security support to upstream's? Instead of fixing and backporting
ourselves we promise our users that this section of the archive will
get upstream's latest fixes even if that means the version number
This way the users would get a lot of benefits from using Debian but no
drawback compared to the self-installed alternative.
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! SF 49ers! Use Debian GNU/Linux, PostgreSQL