Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-09-01 Thread Michael Gilbert
On Sun, Sep 1, 2013 at 6:04 AM, Paul Wise wrote: > On Sat, Aug 31, 2013 at 5:57 PM, Michael Gilbert wrote: > >> I've been meaning to add more informative info to the security-tracker >> about end-of-lifed packages. Right now you can see that info in the >> raw tracker data, but the generate web pa

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-09-01 Thread Vincent Bernat
❦ 1 September 2013 12:04 CEST, Paul Wise: > http://anonscm.debian.org/viewvc/secure-testing/data/package-tags?view=co > > As far as I can tell users are very unlikely to notice this. The tags > are exported to the Packages files in wheezy but apt doesn't do > anything with that information. de

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-09-01 Thread Paul Wise
On Sat, Aug 31, 2013 at 5:57 PM, Michael Gilbert wrote: > I've been meaning to add more informative info to the security-tracker > about end-of-lifed packages. Right now you can see that info in the > raw tracker data, but the generate web pages don't make that clear at > all. Is the raw tracker

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-31 Thread Michael Gilbert
On Tue, Aug 27, 2013 at 9:58 AM, Simon McVittie wrote: > On 27/08/13 14:32, Pau Garcia i Quiles wrote: >> What do you do with the 1 year of support Debian currently gives to >> oldstable? It's also 1 year you stopped using that version, so no >> technical challenge either. > > There does need to be

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-31 Thread Michael Gilbert
On Tue, Aug 27, 2013 at 4:50 PM, Pau Garcia i Quiles wrote: > On Tue, Aug 27, 2013 at 7:18 PM, Russ Allbery wrote: > >> > IMHO the Security Team should not act as fixers themselves but more as >> > proxies, passing information about a security issue to the maintainer of >> > the package. >> >> And

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-30 Thread Michael Meskes
On Thu, Aug 29, 2013 at 05:31:26PM +0200, Ondřej Surý wrote: > So properly maintaining our stable/oldstable is a mandatory first step into > being > able to provide even longer support for random release we start to call the > LTS. > > Whether we achieve that by throwing more manpower into the bun

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-29 Thread gustavo panizzo
On 08/27/2013 06:53 AM, Pau Garcia i Quiles wrote: > > stable. Having a team of people like Mike, Michael, Gustavo, me, etc > to take care of EVERY package is plain impossible, especially if we > want 5 years i didn't say EVERY package i say the packages we care about we simply don't have the manp

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-29 Thread Ondřej Surý
On Thu, Aug 29, 2013 at 2:08 PM, Michael Meskes wrote: > On Wed, Aug 28, 2013 at 04:33:38PM +0200, Ondřej Surý wrote: > > On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes > wrote: > > > Anyhow, I doubt we can reasonably expect to maintain *all* packages > for a > > > longer > > > period. How abou

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-29 Thread Michael Meskes
On Wed, Aug 28, 2013 at 04:33:38PM +0200, Ondřej Surý wrote: > On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes wrote: > > Anyhow, I doubt we can reasonably expect to maintain *all* packages for a > > longer > > period. How about starting with a defined list of packages that we do care > > about in

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-29 Thread Paul Wise
On Thu, Aug 29, 2013 at 11:59 AM, Martin Zobel-Helas wrote: > I am raising my hand here. I am willing to support the debian security > team. I will be able to do that during my paid work time, as my > employer, credativ, is backing this. > > Mid-term goal should be a Debian LTS version, but we can

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-29 Thread Martin Zobel-Helas
Hi, On Tue Aug 27, 2013 at 02:11:56 +0200, Thomas Goirand wrote: > On 08/26/2013 12:33 PM, Neil McGovern wrote: > > I'm hoping that these raising of hands are also offers to help do the > > work to make it happen. > > > Guys, if you want it to happen, raise your hands *now* like Gustavo did. > O

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Bastien ROUCARIES
On Wed, Aug 28, 2013 at 12:47 PM, Ian Jackson wrote: > Ian Jackson writes ("Re: Longer maintainance for (former) stable releases of > Debian (Re: Dreamhost dumps Debian)"): >> Bastien ROUCARIES writes ("Re: Longer maintainance for (former) stable >> releas

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Pau Garcia i Quiles
On Wed, Aug 28, 2013 at 4:55 PM, Neil McGovern wrote: > I think you have a very valid point here. I kind of doubt many people > would > > like to run on a five year old desktop. > > > > Stats seem to disagree: > > http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=11&qpcusto

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Neil McGovern
On Wed, Aug 28, 2013 at 04:29:08PM +0200, Michael Meskes wrote: > On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote: > > I don't really understand it myself as server packages and their > > dependencies tend to be stable and I tend to want the latest versions of > > dovecot, unbound et

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Ondřej Surý
On Wed, Aug 28, 2013 at 4:29 PM, Michael Meskes wrote: > On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote: > > I don't really understand it myself as server packages and their > > dependencies tend to be stable and I tend to want the latest versions of > > dovecot, unbound etc.. > >

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Michael Meskes
On Tue, Aug 27, 2013 at 07:52:33PM +0100, Kevin Chadwick wrote: > I don't really understand it myself as server packages and their > dependencies tend to be stable and I tend to want the latest versions of > dovecot, unbound etc.. > > However perhaps there is a divide here between servers which wa

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Ian Jackson
Ian Jackson writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"): > Bastien ROUCARIES writes ("Re: Longer maintainance for (former) stable > releases of Debian (Re: Dreamhost dumps Debian)"): > > Why not un thi

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Ian Jackson
Bastien ROUCARIES writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"): > On 27 August 2013 19:32, "Ian Jackson" > wrote: > > Worse: in practice, removing packages is invisible to the users and > > their pa

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-28 Thread Andrei POPESCU
On Ma, 27 aug 13, 10:18:53, Russ Allbery wrote: > > Alternately, we could be far more aggressive about removing packages from > oldstable, I suppose, but I don't think that's a good idea; that just > leaves our users with exactly the sorts of choices that we're trying to > avoid. I think it's muc

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Moritz Mühlenhoff
Michael Meskes wrote: > Which brings up the interesting question how it works for stable now. How > often > do bugs get fixed by the security team and how often by maintainers > themselves? No hard numbers, but I'd suppose half and half (i.e. cases, where the maintainer prepared the update, w

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Pau Garcia i Quiles
On Tue, Aug 27, 2013 at 7:18 PM, Russ Allbery wrote: > IMHO the Security Team should not act as fixers themselves but more as > > proxies, passing information about a security issue to the maintainer of > > the package. > > And what happens then if the maintainer doesn't respond? > > Then, and on

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Bastien ROUCARIES
On 27 August 2013 19:32, "Ian Jackson" wrote: > > Russ Allbery writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"): > > If we're going to offer meaningful security support, we have to have a > > bug

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Kevin Chadwick
> Alternately, we could be far more aggressive about removing packages from > oldstable, I suppose, but I don't think that's a good idea; that just > leaves our users with exactly the sorts of choices that we're trying to > avoid. I think it's much cleaner and better for our users to offer full >

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Ian Jackson
Russ Allbery writes ("Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)"): > If we're going to offer meaningful security support, we have to have a > bug-fixer of last resort, and that's the party most stressed by ex

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Russ Allbery
Pau Garcia i Quiles writes: > IMHO the Security Team should not act as fixers themselves but more as > proxies, passing information about a security issue to the maintainer of > the package. And what happens then if the maintainer doesn't respond? If we're going to offer meaningful security sup

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Simon McVittie
On 27/08/13 14:32, Pau Garcia i Quiles wrote: > What do you do with the 1 year of support Debian currently gives to > oldstable? It's also 1 year you stopped using that version, so no > technical challenge either. There does need to be some amount of overlap, because people can't necessarily upgra

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Thomas Goirand
On 08/27/2013 02:28 PM, Michael Meskes wrote: > Which brings up the interesting question how it works for stable now. How > often > do bugs get fixed by the security team and how often by maintainers > themselves? > How much work is this for the security team? Yes, I know, the older the > softwar

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Thomas Goirand
On 08/27/2013 12:41 PM, Ben Hutchings wrote: > It's hard enough to get maintainers to fix bugs in current stable > (backporting can be difficult, and some just don't care), let alone > another 3 years of LTS. > > Ben. I agree with what you wrote above Ben. Though that is not in a direct relation

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Pau Garcia i Quiles
On Tue, Aug 27, 2013 at 12:03 PM, Lars Wirzenius wrote: On Tue, Aug 27, 2013 at 11:53:47AM +0200, Pau Garcia i Quiles wrote: > > But I'd like to stress we need *all* developers to be involved fix bugs > > (esp. security) in their packages in all the supported releases, not only > > in current-sta

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Thomas Goirand
On 08/27/2013 11:53 AM, Pau Garcia i Quiles wrote: > > On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes > wrote: > > > > Guys, if you want it to happen, raise your hands *now* like > Gustavo did. > > Otherwise, please everyone: let this thread die and neve

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Pau Garcia i Quiles
On Tue, Aug 27, 2013 at 2:09 PM, Neil McGovern wrote: Indeed. Look at the security team for example. In theory, if all > maintainers cared enough about the older packages, we wouldn't need the > level of people we currently do. > IMHO the Security Team should not act as fixers themselves but more

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Michael Meskes
On Tue, Aug 27, 2013 at 11:41:58AM +0100, Ben Hutchings wrote: > The challenge was: who is willing to do the work. Your answer is: me, > but only everyone else helps. > > That doesn't answer the challenge at all. Agreed. > It's hard enough to get maintainers to fix bugs in current stable > (bac

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Neil McGovern
On Tue, Aug 27, 2013 at 11:41:58AM +0100, Ben Hutchings wrote: > The challenge was: who is willing to do the work. Your answer is: me, > but only everyone else helps. > > That doesn't answer the challenge at all. > > It's hard enough to get maintainers to fix bugs in current stable > (backportin

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Ben Hutchings
On Tue, 2013-08-27 at 11:53 +0200, Pau Garcia i Quiles wrote: > > On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes > wrote: > > > Guys, if you want it to happen, raise your hands *now* like > Gustavo did. > > Otherwise, please everyone: let this thread die and never >

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Lars Wirzenius
On Tue, Aug 27, 2013 at 11:53:47AM +0200, Pau Garcia i Quiles wrote: > But I'd like to stress we need *all* developers to be involved fix bugs > (esp. security) in their packages in all the supported releases, not only > in current-stable. I am afraid I am not on board for this. I do not agree wit

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Pau Garcia i Quiles
On Tue, Aug 27, 2013 at 10:56 AM, Michael Meskes wrote: > > Guys, if you want it to happen, raise your hands *now* like Gustavo did. > > Otherwise, please everyone: let this thread die and never raise the > > topic again in this list. > > Raising my hand here ... > One more hand. But I'd like

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-27 Thread Michael Meskes
On Tue, Aug 27, 2013 at 02:11:56AM +0200, Thomas Goirand wrote: > Guys, if you want it to happen, raise your hands *now* like Gustavo did. > Otherwise, please everyone: let this thread die and never raise the > topic again in this list. Raising my hand here ... Michael -- Michael Meskes Michael

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Thomas Goirand
On 08/26/2013 12:33 PM, Neil McGovern wrote: > I'm hoping that these raising of hands are also offers to help do the > work to make it happen. > > Neil Which is why there's only a single person that replied to my workflow proposal ... to criticize my idea to do it on a separate infrastructure, bu

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Andreas Moog
On 26.08.2013 20:14, Andrew M.A. Cater wrote: > Ubuntu LTS - five years support but presumes nothing changes and you then > find huge problems moving to the next LTS because the > intervening releases have disappeared ... You don't need the intervening releases, Ubuntu recommends doing LTS->LT

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Andrew M.A. Cater
On Mon, Aug 26, 2013 at 09:31:06AM +0200, Mike Gabriel wrote: > Hi Charles, > > On Di 20 Aug 2013 02:04:40 CEST Charles Plessy wrote: > > >Altogether, it is a lot of work, but if we have enough people for > >doing it, think that it would be very positive for us. > > /me raises his hand for givin

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Dr. Michael Meskes
>> Long-term support of stable releases was one of the reasons for the >> debian-companies@ initiative. I'm Ccing Michael Meskes, who is >> interested in coordinating this initiative. > JFTR Coordination of LTS support should not go through a closed list. And I don't think anyone suggested that. T

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Alexander Wirt
Lucas Nussbaum wrote on Monday, 26 August 2013: > On 26/08/13 at 10:00 -0300, gustavo panizzo wrote: > > On 08/26/2013 07:33 AM, Neil McGovern wrote: > > > I'm hoping that these raising of hands are also offers to help do the > > > work to make it happen. > > i offer help, we are intereste

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Lucas Nussbaum
On 26/08/13 at 10:00 -0300, gustavo panizzo wrote: > On 08/26/2013 07:33 AM, Neil McGovern wrote: > > I'm hoping that these raising of hands are also offers to help do the > > work to make it happen. > i offer help, we are interested on longer maintenance for some packages. > i think we should sta

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Alexander Wirt
gustavo panizzo wrote on Monday, 26 August 2013: > On 08/26/2013 07:33 AM, Neil McGovern wrote: > > I'm hoping that these raising of hands are also offers to help do the > > work to make it happen. > i offer help, we are interested on longer maintenance for some packages. > i think we shou

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread gustavo panizzo
On 08/26/2013 07:33 AM, Neil McGovern wrote: > I'm hoping that these raising of hands are also offers to help do the > work to make it happen. i offer help, we are interested on longer maintenance for some packages. i think we should start to coordinate, if is anybody else willing to help with the

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Neil McGovern
On Mon, Aug 26, 2013 at 11:14:25AM +0200, Balint Reczey wrote: > Hi All, > > On 08/26/2013 09:31 AM, Mike Gabriel wrote: > > Hi Charles, > > > > On Di 20 Aug 2013 02:04:40 CEST Charles Plessy wrote: > > > >> Altogether, it is a lot of work, but if we have enough people for > >> doing it, think t

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Balint Reczey
Hi All, On 08/26/2013 09:31 AM, Mike Gabriel wrote: > Hi Charles, > > On Di 20 Aug 2013 02:04:40 CEST Charles Plessy wrote: > >> Altogether, it is a lot of work, but if we have enough people for >> doing it, think that it would be very positive for us. > > /me raises his hand for giving his wor

Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

2013-08-26 Thread Mike Gabriel
Hi Charles, On Di 20 Aug 2013 02:04:40 CEST Charles Plessy wrote: Altogether, it is a lot of work, but if we have enough people for doing it, think that it would be very positive for us. /me raises his hand for giving his work for longer maintainance of former Debian stable releases. For c