On Mon, Feb 19, 2018 at 10:21:18AM +0100, Michael Meskes wrote:
Maybe you answered your question yourself. How about we tie our
security support to upstream's? Instead of fixing and backporting
ourselves we promise our users that this section of the archive will
get upstream's latest fixes even if that means the version number
changes.


Because eventually a future version will come out that doesn't work with the stable base, at which point we suddenly stop supporting the package. That's much worse than just admitting up front that we can't support the package for the next 4 years.

Mike Stone

Reply via email to