On Sun, Jan 30, 2005 at 05:08:14PM +0000, Sam Morris wrote: > Michelle Konzack wrote: > >Generaly there is no reason to remove 2.4.18. > >But I think, there is a need to a note about Servers like > ><http://www.backports.org/> where they can get newer Kernels. > > Well it seems sensible to remove such unmaintained packages from the > archive. It will prevent people from installing, > kernel-image-2.4.18-something and assuming that, since it is in the > stable distribution, it will recieve security updates like any other > package.
Which is what I was assuming when I presented the idea of running Debian over other distributions to my employer. I thought that Debian Security covered all packages, especially the kernel, and items in the Debian main archive. > If the packages are not to be removed, then there should definatly be a > big flashing red warning in the install and reference manuals saying "Do > not use kernel-image-2.4.18-* packages! They contain security flaws!" :) I would have liked to have seen this... somewhere... perhaps on the Debian Security web site, as I do not subscribe to all of the Debian mailing lists and probably missed the one message stating the security support did not exist for the 2.4.18 kernel. I currently run Sarge on a few machines, but as I understand Debian policy, Sarge does not receive security updates. The only security updates I can expect are for Woody, so this makes Sarge unreliable for a production environment. I guess this is a good time for me to try to see if I can help the Debian Security Folks out if they need it. Sincerely, --Shawn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
