On Mon, Feb 19, 2018 at 03:52:30PM -0500, Roberto C. Sánchez wrote:
> On Mon, Feb 19, 2018 at 10:16:56PM +0200, Adrian Bunk wrote:
> > On Mon, Feb 19, 2018 at 08:40:12PM +0100, Michael Meskes wrote:
> > >...
> > > > An example what "no security support" means in practice:
> > >
> > > I don't think anyone suggest "no security", but something like
> > > "security by upstream releases".
> > How can you guarantee that to our users for buster until mid-2022?
> > This only works when upstream provides an LTS branch covering the
> > lifetime of the Debian release.
> > Debian already does "security by upstream releases" for Firefox,
> > and this clearly shows why this is problematic:
> Also PostgreSQL, formerly MySQL, OpenJDK, etc. Some go smoothly (I think
> PostgreSQL upstream is very good here), and some do not.
These (and also the kernel) are "following an upstream LTS branch",
not "security by upstream releases".
Also for Firefox the new releases on an upstrem LTS branch
(currently 52) are usually not a problem.
The problem with Firefox is the once per year switch to a new
LTS branch, like this year Firefox 52 -> 59.
We aren't doing that for PostgreSQL.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed