Re: Is oldstable security support duration something to be proud of?

2008-03-20 Thread Michael Stone
On Sun, Mar 16, 2008 at 03:30:46AM -0400, Filipus Klutiero wrote: The most popular derivative, CentOS, does provide security support. You realize that this consists essentially of recompiling the relevant RHEL update, right? Note that the CentOS advisory even references the parent RHEL

Re: Is oldstable security support duration something to be proud of?

2008-03-20 Thread Filipus Klutiero
On March 20, 2008 02:11:45 pm, Michael Stone wrote: On Sun, Mar 16, 2008 at 03:30:46AM -0400, Filipus Klutiero wrote: The most popular derivative, CentOS, does provide security support. You realize that this consists essentially of recompiling the relevant RHEL update, right? Of

Re: Is oldstable security support duration something to be proud of?

2008-03-16 Thread Filipus Klutiero
On March 15, 2008 08:14:48 am Javier Fernández-Sanguino Peña wrote: On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote: RHEL and derivatives: 7 years RHEL does offer support for 7 years, but that's paid-for support. Notice that you *cannot* use official RHEL updates without

Re: Is oldstable security support duration something to be proud of?

2008-03-16 Thread Jose Marrero
Maybe I'm wrong, I don't hold the truth. But I see Debian under a totally different perspective than other distros. More of a philosophical stand (reminiscent of Richard Stallman ideas about free software). This, of course, is a work in progress with up and down days/seasons --whatever. That

Re: Is oldstable security support duration something to be proud of?

2008-03-15 Thread Javier Fernández-Sanguino Peña
On Mon, Mar 10, 2008 at 04:13:43PM -0400, Filipus Klutiero wrote: RHEL and derivatives: 7 years RHEL does offer support for 7 years, but that's paid-for support. Notice that you *cannot* use official RHEL updates without paying for it (up2date requires a paid subscription to Red Hat's Network).

Re: Is oldstable security support duration something to be proud of?

2008-03-12 Thread s. keeling
Marc Haber [EMAIL PROTECTED]: This is a remarkable way to make the blatant failure to release Sarge in a timely manner an advantage from a different point of view. If we really manage to release stable every 18 months, that would make the normal support cycle for any stable release 30

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Filipus Klutiero
Do you just like seeing your name on public lists? No Just let the thread die already. If you want the thread to die, not repeating what others have already written would be a good start.

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Freddy Freeloader
security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 I'm not a Debian developer, just a Debian user, and I have to say that this bug report has to be one of the stupidest bug reports I have ever seen. It seems that some people have way too

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Marc Haber
On Mon, Mar 10, 2008 at 11:34:25PM +, Stephen Gran wrote: This one time, at band camp, Filipus Klutiero said: This one time, at band camp, Filipus Klutiero said: RHEL and derivatives: 7 years This is longer than Debian. openSUSE: 2 years Ubuntu: a bit more complex. 1.5

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Marc Haber
On Mon, Mar 10, 2008 at 11:42:39PM -0400, Filipus Klutiero wrote: Thanks, I didn't know that duration was measured in security points nowadays. Given that Debian has more packages for the same software base (since we tend to split up packages, which is IMO a good thing), you have a point here.

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Holger Levsen
Hi Marc, and everybody else: please don't feed the troll. He was well known from debian-release@, now debian-www@ and debian-security@ know him as well and he will probably proceed to another channel. Business as usual on the internet. I expect you received silly spam today too, do you want to

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Filipus Klutiero
On Mon, Mar 10, 2008 at 11:42:39PM -0400, Filipus Klutiero wrote: Thanks, I didn't know that duration was measured in security points nowadays. Given that Debian has more packages for the same software base (since we tend to split up packages, which is IMO a good thing), you have a point

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread Bjørn Mork
Lee Glidewell [EMAIL PROTECTED] writes: On Monday 10 March 2008 07:54:32 pm Rich Healey wrote: For what it's worth, I'm proud of you guys. I do volunteer work for a much smaller project, and it's hard but satisfying. +1. Given that Debian is maintained by volunteers, and that it has one

Re: Is oldstable security support duration something to be proud of?

2008-03-11 Thread machiner
this to be discussed. This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765

Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
Hi, I reported #468765 about a questionable statement on www.debian.org. Frank Lichtenheld wants this to be discussed. This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Luk Claes
security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 Why would anyone question if a security support of at *least* 2,5 years by volunteers not be something to be proud of? If people think the duration of the security support is more

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Jim Popovitch
On Mon, Mar 10, 2008 at 2:36 PM, Filipus Klutiero [EMAIL PROTECTED] wrote: This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? Yes

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
support duration is something to be proud of? Yes. If you don't mind, how did you get the opinion of the security team on this?

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Jim Popovitch
that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? Yes. If you don't mind, how did you get the opinion of the security team on this? I read their text. Additionally, I was keen enough not to read too much

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Noah Meyerhans
the security team think that oldstable security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 I think you misunderstand our policies. You claim in your bug report that Ubuntu, for example, supports a distribution for 1.5 years, while we

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Stephen Gran
team think that oldstable security support duration is something to be proud of? Why is this important enough to bring up in two separate fora, and why is it important to make the security team not be proud of the job they do

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
: This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? Yes. If you don't mind, how did you get the opinion of the security team

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 Why would anyone question if a security support of at *least* 2,5 years by volunteers not be something to be proud

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 I think you misunderstand our policies. You claim in your bug report

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Jim Popovitch
, Mar 10, 2008 at 2:36 PM, Filipus Klutiero [EMAIL PROTECTED] wrote: This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Jim Popovitch
On Mon, Mar 10, 2008 at 4:13 PM, Filipus Klutiero [EMAIL PROTECTED] wrote: Debian is somewhat better than openSUSE, equal or slightly worse than Ubuntu and definitely worse than RHEL and derivatives. So on average, Debian is somewhat worse than its main alternatives in this aspect. On what

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Nico Golde
Hi Filipus, * Filipus Klutiero [EMAIL PROTECTED] [2008-03-10 21:19]: On March 10, 2008 03:15:04 pm, Jim Popovitch wrote: On Mon, Mar 10, 2008 at 3:01 PM, Filipus Klutiero [EMAIL PROTECTED] wrote: On March 10, 2008 02:57:56 pm, Jim Popovitch wrote: On Mon, Mar

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
that oldstable security support duration is something to be proud of? Yes. If you don't mind, how did you get the opinion of the security team on this? I read their text. Which one? Their public one, the one you referenced. Argh. If I'm asking

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Noah Meyerhans
On Mon, Mar 10, 2008 at 04:33:53PM -0400, Filipus Klutiero wrote: Their public one, the one you referenced. Argh. If I'm asking about a statement, that's because I read it. Obviously, the author didn't bother checking whether he was right, which is why I'm asking whether there are some

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 04:24:22 pm, Jim Popovitch wrote: On Mon, Mar 10, 2008 at 4:13 PM, Filipus Klutiero [EMAIL PROTECTED] wrote: Debian is somewhat better than openSUSE, equal or slightly worse than Ubuntu and definitely worse than RHEL and derivatives. So on average, Debian is

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Török Edwin
Filipus Klutiero wrote: free distros if you want. Let's take these 3 which are not too far from Debian's quality: RHEL and derivatives: 7 years Rather than using a 7 year old product with security updates, you can use a newer stable release [*]. For Debian when security support ends, there is

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread dann frazier
. This statement is in a security announcement. Martin Schulze confirmed that he wrote the statement. Does the security team think that oldstable security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468765 Why would anyone question if a security

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Stephen Gran
This one time, at band camp, Filipus Klutiero said: RHEL and derivatives: 7 years This is longer than Debian. openSUSE: 2 years Ubuntu: a bit more complex. 1.5 in general LTS releases: 3 on desktop, 5 on server These are all shorter, except for Ubuntu server LTS. So your

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Michael Loftis
--On March 10, 2008 4:33:53 PM -0400 Filipus Klutiero [EMAIL PROTECTED] wrote: Argh. If I'm asking about a statement, that's because I read it. Obviously, the author didn't bother checking whether he was right, which is why I'm asking whether there are some people that disagree.

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Kotikov Aleksey
security support duration is something to be proud of? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=46876 I don't see any reasons why the security team must not be proud of the work they are doing. I think, that one must consider the fact that the security team does not owe anything to anyone

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 04:44:35 pm, Noah Meyerhans wrote: On Mon, Mar 10, 2008 at 04:33:53PM -0400, Filipus Klutiero wrote: Their public one, the one you referenced. Argh. If I'm asking about a statement, that's because I read it. Obviously, the author didn't bother checking

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Lee Glidewell
On Monday 10 March 2008 05:05:44 pm Filipus Klutiero wrote: Because if somebody disagrees, the statement is inaccurate which is a good enough reason to remove or change it. I disagree. Your statement is therefore inaccurate. Filipus: please stop trolling this list and get on with your life.

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Sune Vuorela
On 2008-03-10, Filipus Klutiero [EMAIL PROTECTED] wrote: I already compared the duration of oldstable support in the bug report, but let's look at the total security support duration of each release of other free distros if you want. Let's take these 3 which are not too far from Debian's

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 04:58:28 pm, Török Edwin wrote: Filipus Klutiero wrote: free distros if you want. Let's take these 3 which are not too far from Debian's quality: RHEL and derivatives: 7 years Rather than using a 7 year old product with security updates, you can use a newer

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On Monday 10 March 2008 05:05:44 pm Filipus Klutiero wrote: Because if somebody disagrees, the statement is inaccurate which is a good enough reason to remove or change it. I disagree. Your statement is therefore inaccurate. Uh? What do you disagree with, and which of my statements do you

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
This one time, at band camp, Filipus Klutiero said: RHEL and derivatives: 7 years This is longer than Debian. openSUSE: 2 years Ubuntu: a bit more complex. 1.5 in general LTS releases: 3 on desktop, 5 on server These are all shorter, except for Ubuntu server LTS. No, support for

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Stephen Gran
This one time, at band camp, Filipus Klutiero said: This one time, at band camp, Filipus Klutiero said: RHEL and derivatives: 7 years This is longer than Debian. openSUSE: 2 years Ubuntu: a bit more complex. 1.5 in general LTS releases: 3 on desktop, 5 on server These

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Steve Kemp
On Mon Mar 10, 2008 at 17:57:04 -0400, Filipus Klutiero wrote: It should be supported as long as RHEL. Give me piles of cash and I'll support it for as long as you want. But this discussion is pointless. The statement is true *we* are proud; regardless of whether you or anybody else

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 07:21:28 pm, Steve Kemp wrote: On Mon Mar 10, 2008 at 17:57:04 -0400, Filipus Klutiero wrote: It should be supported as long as RHEL. Give me piles of cash and I'll support it for as long as you want. Ur, here is the context which you are replying to: It's

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Rich Healey
Steve Kemp wrote: On Mon Mar 10, 2008 at 17:57:04 -0400, Filipus Klutiero wrote: It should be supported as long as RHEL. Give me piles of cash and I'll support it for as long as you want. But this discussion is pointless. The statement

Re: Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
This one time, at band camp, Filipus Klutiero said: This one time, at band camp, Filipus Klutiero said: RHEL and derivatives: 7 years This is longer than Debian. openSUSE: 2 years Ubuntu: a bit more complex. 1.5 in general LTS releases: 3 on desktop, 5 on server These

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 07:49:22 pm, Joerg Jaspert wrote: [...] If it really annoys you so much that it's no longer supported after March 31st - no one stops you from doing the work and providing security support for sarge in an archive you set up for it. If there's anything I wrote that

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
team think that oldstable security support duration is something to be proud of? Why is this important enough to bring up in two separate fora This is the first list on which I bring up this topic. , and why is it important to make the security team not be proud of the job they do? No idea why

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Felipe Figueiredo
On Mon 10 Mar 2008 19:05:44 Filipus Klutiero wrote: On March 10, 2008 04:44:35 pm, Noah Meyerhans wrote: Why should you care if anybody disagrees? Because if somebody disagrees, the statement is inaccurate which is a good enough reason to remove or change it. Last time I

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On Mon 10 Mar 2008 19:05:44 Filipus Klutiero wrote: On March 10, 2008 04:44:35 pm, Noah Meyerhans wrote: [...] I don't care if you think we shouldn't be proud. We are and we will continue to be. My point is not to tell you to stop being proud, it's to avoid bragging in

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread David Ehle
Please take this discussion off list. It has nothing to do with security. Take it to some list that has to do with debian policy, announcements, the web-page or anyplace else where it might be relevant. Great job Security team. Thanks for all your work. -- David Ehle Computing Systems

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Lee Glidewell
On Monday 10 March 2008 06:02:05 pm Filipus Klutiero wrote: Uh? What do you disagree with, and which of my statements do you think is inaccurate? The statement I quoted. I have difficulty finding something to reply which is as useful as this name-calling. Ding ding ding! Now: go away or I

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On Monday 10 March 2008 06:02:05 pm Filipus Klutiero wrote: Uh? What do you disagree with, and which of my statements do you think is inaccurate? The statement I quoted. That would be Because if somebody disagrees, the statement is inaccurate which is a good enough reason to remove or change

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread s. keeling
Sorry to continue this. :-P Filipus Klutiero [EMAIL PROTECTED]: No. My point is not that users shouldn't upgrade or that Debian releases should be supported for longer. I'm just pointing that it's useless/misleading to state the project is proud of the security support duration. An

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
On March 10, 2008 11:03:29 pm, David Ehle wrote: Please take this discussion off list. It has nothing to do with security. The statement discussed is about security and was written by a security team member so it probably has something to do with security. Steve Kemp suggested to

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread James Shupe
I'm going to say that, at the very least, this is on the wrong list and is a waste of time for everybody who subscribes. The comment on the site was well justified, and yes, opinionated. If you don't agree with it, disregard it and go on with your life. You've apparently disregarded the topic

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Filipus Klutiero
I'm going to say that, at the very least, this is on the wrong list and is a waste of time for everybody who subscribes. David Ehle already expressed the opinion that this topic was brought up on the wrong list in http://lists.debian.org/debian-security/2008/03/msg00051.html The comment on the

Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread James Shupe
Do you just like seeing your name on public lists? Just let the thread die already. Filipus Klutiero wrote: I'm going to say that, at the very least, this is on the wrong list and is a waste of time for everybody who subscribes. David Ehle already expressed the opinion that this topic was