On Sat, Aug 31, 2013 at 5:57 PM, Michael Gilbert wrote:
I've been meaning to add more informative info to the security-tracker
about end-of-lifed packages. Right now you can see that info in the
raw tracker data, but the generated web pages don't make that clear at
all.
Is the raw tracker
❦ 1 September 2013 12:04 CEST, Paul Wise p...@debian.org:
http://anonscm.debian.org/viewvc/secure-testing/data/package-tags?view=co
As far as I can tell users are very unlikely to notice this. The tags
are exported to the Packages files in wheezy but apt doesn't do
anything with that
On Sun, Sep 1, 2013 at 6:04 AM, Paul Wise wrote:
On Sat, Aug 31, 2013 at 5:57 PM, Michael Gilbert wrote:
I've been meaning to add more informative info to the security-tracker
about end-of-lifed packages. Right now you can see that info in the
raw tracker data, but the generated web pages
On Tue, Aug 27, 2013 at 4:50 PM, Pau Garcia i Quiles wrote:
On Tue, Aug 27, 2013 at 7:18 PM, Russ Allbery wrote:
IMHO the Security Team should not act as fixers themselves but more as
proxies, passing information about a security issue to the maintainer of
the package.
And what happens
On Tue, Aug 27, 2013 at 9:58 AM, Simon McVittie wrote:
On 27/08/13 14:32, Pau Garcia i Quiles wrote:
What do you do with the 1 year of support Debian currently gives to
oldstable? It's also 1 year you stopped using that version, so no
technical challenge either.
There does need to be some
Upgrading is easy is not really a valid retort. Though it does mitigate
the cost, it does not eliminate it. Nobody wants to spend their automation
budget on making upgrading easy enough to do on a whim. There are plenty
of other concerns that automation must address that have nothing to do
Clint Byrum spam...@debian.org writes:
Dreamhost is a hosting company. It actually is quite possible that all
20,000 machines mentioned are unique snowflakes in this case. Though it
is probably more likely that there are at most 10,000 unique machines, with
some customers having only one, but
On Thu, Aug 29, 2013 at 05:31:26PM +0200, Ondřej Surý wrote:
So properly maintaining our stable/oldstable is a mandatory first step into
being
able to provide even longer support for random release we start to call the
LTS.
Whether we achieve that by throwing more manpower into the bunch,
I wasn't clear, I don't mean you'll do each one as a special snowflake
in-place. I mean, 20,000 machines is simply a lot of machines to
manage. No matter what, upgrading or replacing the OS all within a 1
year schedule that you do not control and cannot fully predict, is a
big hassle.
Well
Excerpts from Kevin Chadwick's message of 2013-08-30 10:28:51 -0700:
I wasn't clear, I don't mean you'll do each one as a special snowflake
in-place. I mean, 20,000 machines is simply a lot of machines to
manage. No matter what, upgrading or replacing the OS all within a 1
year schedule
Hi,
On Tue Aug 27, 2013 at 02:11:56 +0200, Thomas Goirand wrote:
On 08/26/2013 12:33 PM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
Guys, if you want it to happen, raise your hands *now* like Gustavo did.
On Thu, Aug 29, 2013 at 11:59 AM, Martin Zobel-Helas wrote:
I am raising my hand here. I am willing to support the debian security
team. I will be able to do that during my paid work time, as my
employer, credativ, is backing this.
Mid-term goal should be a Debian LTS version, but we can
Steve Langasek writes (Update policies for security bugs [Was, Re: Dreamhost
dumps Debian]):
I don't think this is incompatible with my contention that updates for
security bugs should be driven by the security team. If we think a security
fix should not be pushed *immediately* to users
On Wed, Aug 28, 2013 at 04:33:38PM +0200, Ondřej Surý wrote:
On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes mes...@debian.org wrote:
Anyhow, I doubt we can reasonably expect to maintain *all* packages for a
longer
period. How about starting with a defined list of packages that we do care
On Thu, Aug 29, 2013 at 2:08 PM, Michael Meskes mes...@debian.org wrote:
On Wed, Aug 28, 2013 at 04:33:38PM +0200, Ondřej Surý wrote:
On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes mes...@debian.org
wrote:
Anyhow, I doubt we can reasonably expect to maintain *all* packages
for a
On 08/27/2013 06:53 AM, Pau Garcia i Quiles wrote:
stable. Having a team of people like Mike, Michael, Gustavo, me, etc
to take care of EVERY package is plain impossible, especially if we
want 5 years
i didn't say EVERY package i say the packages we care about
we simply don't have the
Excerpts from Russ Allbery's message of 2013-08-27 13:47:01 -0700:
Clint Byrum spam...@debian.org writes:
Perhaps you missed the blog post [1] details?
About ten months ago, we realized that the next installation of Debian
was upcoming, and after upgrading about 20,000 machines since
On Tue, 27 Aug 2013, Steve Langasek wrote:
Well, I don't think that's a very good policy. I don't see why, if the bug
is worth fixing in a stable release for security reasons, it should go
through the stable-updates channel instead of the security channel.
Going via stable-updates allows for
On Tue, 27 Aug 13, 10:18:53, Russ Allbery wrote:
Alternately, we could be far more aggressive about removing packages from
oldstable, I suppose, but I don't think that's a good idea; that just
leaves our users with exactly the sorts of choices that we're trying to
avoid. I think it's much
Steve Langasek writes (Re: Dreamhost dumps Debian):
To me, being redirected to stable-updates constitutes a refusal/denial by
the security team to use the security updates channel. Again, if it's a
security issue that's not important enough to be an official security
update, it's
Bastien ROUCARIES writes (Re: Longer maintainance for (former) stable releases
of Debian (Re: Dreamhost dumps Debian)):
On 27 August 2013 19:32, Ian Jackson ijack...@chiark.greenend.org.uk wrote:
Worse: in practice, removing packages is invisible to the users and
their package manager
Ian Jackson writes (Re: Longer maintainance for (former) stable releases of
Debian (Re: Dreamhost dumps Debian)):
Bastien ROUCARIES writes (Re: Longer maintainance for (former) stable
releases of Debian (Re: Dreamhost dumps Debian)):
Why not in this case creating an empty package depending
On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote:
I don't really understand it myself as server packages and their
dependencies tend to be stable and I tend to want the latest versions of
dovecot, unbound etc..
However perhaps there is a divide here between servers which want
On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes mes...@debian.org wrote:
On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote:
I don't really understand it myself as server packages and their
dependencies tend to be stable and I tend to want the latest versions of
dovecot,
On Wed, Aug 28, 2013 at 04:29:08PM +0200, Michael Meskes wrote:
On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote:
I don't really understand it myself as server packages and their
dependencies tend to be stable and I tend to want the latest versions of
dovecot, unbound etc..
On Wed, Aug 28, 2013 at 4:55 PM, Neil McGovern ne...@debian.org wrote:
I think you have a very valid point here. I kind of doubt many people
would
like to run on a five year old desktop.
Stats seem to disagree:
On Wed, Aug 28, 2013 at 11:42:05AM +0100, Ian Jackson wrote:
Steve Langasek writes (Re: Dreamhost dumps Debian):
To me, being redirected to stable-updates constitutes a refusal/denial by
the security team to use the security updates channel. Again, if it's a
security issue that's
On 2013-08-28 10:42, Ian Jackson wrote:
As Peter Palfrader points out stable-updates allows more review,
because it doesn't suffer from the process problems caused by the need
for secrecy. stable-updates are also made in less of a hurry.
Iff people actually test proposed-updates. The feedback
On Wed, Aug 28, 2013 at 12:47 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
Ian Jackson writes (Re: Longer maintainance for (former) stable releases of
Debian (Re: Dreamhost dumps Debian)):
Bastien ROUCARIES writes (Re: Longer maintainance for (former) stable
releases of Debian (Re
On Tue, Aug 27, 2013 at 02:11:56AM +0200, Thomas Goirand wrote:
Guys, if you want it to happen, raise your hands *now* like Gustavo did.
Otherwise, please everyone: let this thread die and never raise the
topic again in this list.
Raising my hand here ...
Michael
--
Michael Meskes
Michael at
On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes mes...@debian.org wrote:
Guys, if you want it to happen, raise your hands *now* like Gustavo did.
Otherwise, please everyone: let this thread die and never raise the
topic again in this list.
Raising my hand here ...
One more hand.
But
On Tue, Aug 27, 2013 at 11:53:47AM +0200, Pau Garcia i Quiles wrote:
But I'd like to stress we need *all* developers to be involved fix bugs
(esp. security) in their packages in all the supported releases, not only
in current-stable.
I am afraid I am not on board for this. I do not agree with
On Tue, 2013-08-27 at 11:53 +0200, Pau Garcia i Quiles wrote:
On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes mes...@debian.org
wrote:
Guys, if you want it to happen, raise your hands *now* like
Gustavo did.
Otherwise, please everyone: let this thread die and
On Tue, Aug 27, 2013 at 11:41:58AM +0100, Ben Hutchings wrote:
The challenge was: who is willing to do the work. Your answer is: me,
but only everyone else helps.
That doesn't answer the challenge at all.
It's hard enough to get maintainers to fix bugs in current stable
(backporting can
On Tue, Aug 27, 2013 at 11:41:58AM +0100, Ben Hutchings wrote:
The challenge was: who is willing to do the work. Your answer is: me,
but only everyone else helps.
That doesn't answer the challenge at all.
Agreed.
It's hard enough to get maintainers to fix bugs in current stable
On Tue, Aug 27, 2013 at 2:09 PM, Neil McGovern n...@halon.org.uk wrote:
Indeed. Look at the security team for example. In theory, if all
maintainers cared enough about the older packages, we wouldn't need the
level of people we currently do.
IMHO the Security Team should not act as fixers
On 08/27/2013 11:53 AM, Pau Garcia i Quiles wrote:
On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes mes...@debian.org wrote:
Guys, if you want it to happen, raise your hands *now* like
Gustavo did.
Otherwise, please everyone: let this thread die
On Tue, Aug 27, 2013 at 12:03 PM, Lars Wirzenius l...@liw.fi wrote:
On Tue, Aug 27, 2013 at 11:53:47AM +0200, Pau Garcia i Quiles wrote:
But I'd like to stress we need *all* developers to be involved fix bugs
(esp. security) in their packages in all the supported releases, not only
in
On 08/27/2013 12:41 PM, Ben Hutchings wrote:
It's hard enough to get maintainers to fix bugs in current stable
(backporting can be difficult, and some just don't care), let alone
another 3 years of LTS.
Ben.
I agree with what you wrote above Ben. Though that is not in a direct
relation with
On 08/27/2013 02:28 PM, Michael Meskes wrote:
Which brings up the interesting question how it works for stable now. How
often
do bugs get fixed by the security team and how often by maintainers
themselves?
How much work is this for the security team? Yes, I know, the older the
software
On 27/08/13 14:32, Pau Garcia i Quiles wrote:
What do you do with the 1 year of support Debian currently gives to
oldstable? It's also 1 year you stopped using that version, so no
technical challenge either.
There does need to be some amount of overlap, because people can't
necessarily upgrade
Pau Garcia i Quiles pgqui...@elpauer.org writes:
IMHO the Security Team should not act as fixers themselves but more as
proxies, passing information about a security issue to the maintainer of
the package.
And what happens then if the maintainer doesn't respond?
If we're going to offer
Russ Allbery writes (Re: Longer maintainance for (former) stable releases of
Debian (Re: Dreamhost dumps Debian)):
If we're going to offer meaningful security support, we have to have a
bug-fixer of last resort, and that's the party most stressed by extending
security support. Particularly
Large hosting companies not having made their scripts etc. good enough
to ride out upgrades well should have nothing to do with any decision.
I don't think the problem here is with Large hosting companies not
having made their scripts etc. good enough. I don't think it has
anything to
Alternately, we could be far more aggressive about removing packages from
oldstable, I suppose, but I don't think that's a good idea; that just
leaves our users with exactly the sorts of choices that we're trying to
avoid. I think it's much cleaner and better for our users to offer full
On 27 August 2013 19:32, Ian Jackson ijack...@chiark.greenend.org.uk wrote:
Russ Allbery writes (Re: Longer maintainance for (former) stable
releases of Debian (Re: Dreamhost dumps Debian)):
If we're going to offer meaningful security support, we have to have a
bug-fixer of last resort
On Tue, Aug 27, 2013 at 7:18 PM, Russ Allbery r...@debian.org wrote:
IMHO the Security Team should not act as fixers themselves but more as
proxies, passing information about a security issue to the maintainer of
the package.
And what happens then if the maintainer doesn't respond?
Then,
Clint Byrum spam...@debian.org writes:
Perhaps you missed the blog post [1] details?
About ten months ago, we realized that the next installation of Debian
was upcoming, and after upgrading about 20,000 machines since Debian 6
(aka Squeeze) was released, we got pretty tired.
Even if the
Excerpts from Kevin Chadwick's message of 2013-08-27 11:45:34 -0700:
Large hosting companies not having made their scripts etc. good enough
to ride out upgrades well should have nothing to do with any decision.
I don't think the problem here is with Large hosting companies not
Russ Allbery r...@debian.org wrote:
Pau Garcia i Quiles pgqui...@elpauer.org writes:
On Tue, Aug 20, 2013 at 8:25 PM, Russ Allbery r...@debian.org wrote:
My experience is that I can just barely manage to convince upstreams to
look over my backports of security patches to packages in
Steve Langasek vor...@debian.org wrote:
I understand the
motivation (like everyone else they have more to do than they have time to
do it in), but I think the outcome, whereby the security team denies use of
the security update channel for non-critical security bugs and redirects
Michael Meskes mes...@debian.org wrote:
Which brings up the interesting question how it works for stable now. How
often
do bugs get fixed by the security team and how often by maintainers
themselves?
No hard numbers, but I'd suppose half and half (i.e. cases, where the maintainer
prepared
On Tue, Aug 27, 2013 at 11:51:40PM +0200, Moritz Mühlenhoff wrote:
Steve Langasek vor...@debian.org wrote:
I understand the
motivation (like everyone else they have more to do than they have time to
do it in), but I think the outcome, whereby the security team denies use of
the security
Hi Charles,
On Tue 20 Aug 2013 02:04:40 CEST Charles Plessy wrote:
Altogether, it is a lot of work, but if we have enough people for
doing it, think that it would be very positive for us.
/me raises his hand for giving his work for longer maintenance of
former Debian stable releases. For
Hi All,
On 08/26/2013 09:31 AM, Mike Gabriel wrote:
Hi Charles,
On Tue 20 Aug 2013 02:04:40 CEST Charles Plessy wrote:
Altogether, it is a lot of work, but if we have enough people for
doing it, think that it would be very positive for us.
/me raises his hand for giving his work for
On Mon, Aug 26, 2013 at 11:14:25AM +0200, Balint Reczey wrote:
Hi All,
On 08/26/2013 09:31 AM, Mike Gabriel wrote:
Hi Charles,
On Tue 20 Aug 2013 02:04:40 CEST Charles Plessy wrote:
Altogether, it is a lot of work, but if we have enough people for
doing it, think that it would be
On 08/26/2013 07:33 AM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
i offer help, we are interested on longer maintenance for some packages.
i think we should start to coordinate, if is anybody else willing to
help with the
gustavo panizzo gfa wrote on Monday, 26 August 2013:
On 08/26/2013 07:33 AM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
i offer help, we are interested on longer maintenance for some packages.
i think we should
On 26/08/13 at 10:00 -0300, gustavo panizzo gfa wrote:
On 08/26/2013 07:33 AM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
i offer help, we are interested on longer maintenance for some packages.
i think we should start
Lucas Nussbaum wrote on Monday, 26 August 2013:
On 26/08/13 at 10:00 -0300, gustavo panizzo gfa wrote:
On 08/26/2013 07:33 AM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
i offer help, we are interested on
Long-term support of stable releases was one of the reasons for the
debian-companies@ initiative. I'm Ccing Michael Meskes, who is
interested in coordinating this initiative.
JFTR Coordination of LTS support should not go through a closed list.
And I don't think anyone suggested that. The
Excerpts from Thomas Goirand's message of 2013-08-25 16:36:48 -0700:
On 08/21/2013 05:45 PM, Kevin Chadwick wrote:
Large hosting companies not having made their scripts etc. good enough
to ride out upgrades well should have nothing to do with any decision.
I don't think the problem here is
On Mon, Aug 26, 2013 at 09:31:06AM +0200, Mike Gabriel wrote:
Hi Charles,
On Tue 20 Aug 2013 02:04:40 CEST Charles Plessy wrote:
Altogether, it is a lot of work, but if we have enough people for
doing it, think that it would be very positive for us.
/me raises his hand for giving his
On 26.08.2013 20:14, Andrew M.A. Cater wrote:
Ubuntu LTS - five years support but presumes nothing changes and you then
find huge problems moving to the next LTS because the
intervening releases have disappeared ...
You don't need the intervening releases, Ubuntu recommends doing
LTS-LTS
On 08/26/2013 12:33 PM, Neil McGovern wrote:
I'm hoping that these raising of hands are also offers to help do the
work to make it happen.
Neil
Which is why there's only a single person that replied to my workflow
proposal ... to criticize my idea to do it on a separate infrastructure,
but
On 08/21/2013 05:45 PM, Kevin Chadwick wrote:
Large hosting companies not having made their scripts etc. good enough
to ride out upgrades well should have nothing to do with any decision.
I don't think the problem here is with Large hosting companies not
having made their scripts etc. good
On 21/08/13 19:08, Clint Byrum wrote:
Excerpts from Kevin Chadwick's message of 2013-08-21 08:45:27 -0700:
My point of view is that Debian Stable should be aiming for whatever
they believe the sweet point between stable and so usable without having
problems is and maximising security. Aka
Wookey woo...@wookware.org writes:
+++ Ian Jackson [2013-08-20 16:05 +0100]:
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
Ideally it would be the people that want releases supported longer -
e.g this dreamhost outfit, and presumably many
On Wed, Aug 21, 2013 at 1:48 AM, Ben Hutchings b...@decadent.org.uk wrote:
Ubuntu uses a combination of driver backports and newer kernel versions
in LTS releases.
As Clint, Philipp and you say, I was wrong.
However, I don't see that as an insurmountable argument against Debian
LTSs. It just
+++ Philip Hands [2013-08-21 10:35 +0100]:
Wookey woo...@wookware.org writes:
I have always thought that there was room for a business selling
longer-term Debian support.
Quite.
It seems to me that doing things to keep these people cheerful should
attract a financial reward. If that
Russ Allbery writes (Re: Dreamhost dumps Debian):
Yeah, I know. But the number of such exceptions is relatively limited,
enough so that we can issue security advisories saying they're not
supported any more. It's not a comfortable compromise, but it seems to be
a workable one. The LTS
Ian Jackson writes (Re: Dreamhost dumps Debian):
I think we need to do more than that. We need to arrange to
automatically disable affected software (by default). (And that has
to be done in a way that allows an affected user to re-enable it, and
which is sorted out properly on upgrade
On Wed, Aug 21, 2013 at 10:35:34AM +0100, Philip Hands wrote:
Wookey woo...@wookware.org writes:
+++ Ian Jackson [2013-08-20 16:05 +0100]:
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
Ideally it would be the people that want releases
My point of view is that Debian Stable should be aiming for whatever
they believe the sweet point between stable and so usable without having
problems is and maximising security. Aka maximising productivity and
safety with no other concerns or compromises.
Large hosting companies not having made
On Wed, Aug 21, 2013 at 5:45 PM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:
Does anyone even know for sure what the decision to switch was actually
based upon?
Not really, but I have seen Debian rejected at several companies
(customers) due to too-short support of old releases and too-far away
On Wed, 21 Aug 2013 17:58:55 +0200, Pau Garcia i Quiles
pgqui...@elpauer.org wrote:
On Wed, Aug 21, 2013 at 5:45 PM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:
Does anyone even know for sure what the decision to switch was actually
based upon?
Not really, but I have seen Debian rejected at
Excerpts from Kevin Chadwick's message of 2013-08-21 08:45:27 -0700:
My point of view is that Debian Stable should be aiming for whatever
they believe the sweet point between stable and so usable without having
problems is and maximising security. Aka maximising productivity and
safety with no
❦ 20 August 2013 02:04 CEST, Charles Plessy ple...@debian.org:
Just to say that Debian usually has a 3 year support.
Hi Vincent,
this is actually misleading for systems that have a long lifetime, where the
turnover matters more, and in Debian it is 2 years. In some workplaces it
means that
On Mon, 2013-08-19 at 23:48 -0400, Michael Gilbert wrote:
[...]
Plus, Ben Hutchings is putting together a plan to add support for
newer hardware in stable releases:
http://lists.debian.org/debian-boot/2013/08/msg00090.html
Presumably, continuing to support newer hardware will improve the
On Mon, Aug 19, 2013 at 10:50 PM, Russ Allbery wrote:
...change anything about their model. However, as a Debian Developer, I
would be extremely uncomfortable about having tiers of security support
for our packages were we to try to duplicate something like LTS.
We are already no longer
On Mon, Aug 19, 2013 at 11:48:13PM -0400, Michael Gilbert wrote:
Russ already replied and I agree with its reply. Just to say that Debian
usually has a 3 year support. This is the kind of misguiding that I
usually hear when people promote Ubuntu over Debian.
I know already that this isn't
There are also a number of packages that have no support or limited
support in squeeze/wheezy:
http://anonscm.debian.org/viewvc/secure-testing/data/package-tags?view=markup
--
bye,
pabs
http://wiki.debian.org/PaulWise
On Tue, Aug 20, 2013 at 12:46 PM, Steve Langasek vor...@debian.org wrote:
On Mon, Aug 19, 2013 at 11:48:13PM -0400, Michael Gilbert wrote:
Russ already replied and I agree with its reply. Just to say that
Debian
usually has a 3 year support. This is the kind of misguiding that I
Paul Wise p...@debian.org wrote:
...
At one point we stopped supporting clamav in oldstable:
http://www.debian.org/security/2008/dsa-1497
...
That, at least, is unlikely to be repeated. Upstream does a much better job of
maintaining a consistent API and ABI compatibility these days.
Scott
Charles Plessy writes (Re: Dreamhost dumps Debian):
However, one difficulty that was not mentioned in this thread is that if we
aim at both long term support and frequent releases, then we need to support
users skipping releases or upgrading multiple releases in a row.
I have done skip
On Tue, Aug 20, 2013 at 03:33:26PM +0100, Ian Jackson wrote:
Charles Plessy writes (Re: Dreamhost dumps Debian):
However, one difficulty that was not mentioned in this thread is that if we
aim at both long term support and frequent releases, then we need to support
users skipping releases
Adam Borowski writes (Re: Dreamhost dumps Debian):
On Tue, Aug 20, 2013 at 03:33:26PM +0100, Ian Jackson wrote:
I have done skip upgrades on multiple occasions. The fallout was
always manageable. (The most recent one was etch-squeeze IIRC.)
Why wouldn't you instead:
sed -i s/etch/lenny
Excerpts from Pau Garcia i Quiles's message of 2013-08-20 04:15:12 -0700:
On Tue, Aug 20, 2013 at 12:46 PM, Steve Langasek vor...@debian.org wrote:
On Mon, Aug 19, 2013 at 11:48:13PM -0400, Michael Gilbert wrote:
Russ already replied and I agree with its reply. Just to say that
Debian
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
The same people that maintain the packages in sid and stable: the
maintainer(s) for each package. For orphaned packages, NMUs by other
developers or even a new maintainer team
Pau Garcia i Quiles writes (Re: Dreamhost dumps Debian):
[Ian Jackson]
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
The same people that maintain the packages in sid and stable: the
maintainer(s) for each package. [...]
That is not the case
On Tue, Aug 20, 2013 at 6:25 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
The same people that maintain the packages in sid and stable: the
maintainer(s) for each package. [...]
Paul Wise p...@debian.org writes:
We are already no longer supporting iceweasel in squeeze:
http://www.debian.org/security/2013/dsa-2735
At one point we stopped supporting clamav in oldstable:
http://www.debian.org/security/2008/dsa-1497
At one point there was an experiment to express
Quoting Pau Garcia i Quiles (pgqui...@elpauer.org):
That is not the case. At the moment most of this is done by the
Debian security team. Of course some package maintainers do help.
IMHO that should be turned around: package maintainers should be the ones
responsible for updates and
On Tue, Aug 20, 2013 at 06:35:08PM +0200, Pau Garcia i Quiles wrote:
On Tue, Aug 20, 2013 at 6:25 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
The bigger problem for a Debian LTS is this: 1. who is going to do
security support for it ?
The same people that maintain the
Ian Jackson ijack...@chiark.greenend.org.uk writes:
Pau Garcia i Quiles writes (Re: Dreamhost dumps Debian):
The same people that maintain the packages in sid and stable: the
maintainer(s) for each package. [...]
That is not the case. At the moment most of this is done by the
Debian
On Tue, Aug 20, 2013 at 8:25 PM, Russ Allbery r...@debian.org wrote:
The same people that maintain the packages in sid and stable: the
maintainer(s) for each package. [...]
That is not the case. At the moment most of this is done by the
Debian security team. Of course some package
On Tue, August 20, 2013 19:40, Steve Langasek wrote:
On Tue, Aug 20, 2013 at 06:35:08PM +0200, Pau Garcia i Quiles wrote:
IMHO that should be turned around: package maintainers should be the
ones responsible for updates and the Security Team should help with that
(e.g. by providing tips
On 08/20/2013 02:04 AM, Charles Plessy wrote:
However, one difficulty that was not mentioned in this thread is that if we
aim at both long term support and frequent releases, then we need to support
users skipping releases
I don't see why.
or upgrading multiple releases in a row.
Don't we
Pau Garcia i Quiles pgqui...@elpauer.org writes:
On Tue, Aug 20, 2013 at 8:25 PM, Russ Allbery r...@debian.org wrote:
My experience is that I can just barely manage to convince upstreams to
look over my backports of security patches to packages in oldstable
What makes you think Ubuntu, Red
On 08/20/2013 05:17 PM, Clint Byrum wrote:
E. g:
- In January 2014 we release Debian 8.0. We make this an LTS release,
meaning it would get updates for, say 3 years (until January 2017), and
security updates for 5 years (until January 2019).
- In February 2015 we release Debian 9.0. Non-LTS