On Fri, Dec 15, 2023 at 10:39:04AM +0200, Adrian Bunk wrote:
> > That is a good point. However, I consider full coverage of security support
> > for stable to be an improvement over the current situation. Explicitly
> > stating that security support is not shipped for oldstable does not do any
> > more harm to users than what we currently do by explicitly stating that
> > security support is not shipped for either stable or oldstable.
>
> >From a policy point of view, the duration of security support is a
> Debian-wide policy and not a per-package policy.
>
> >From a user point of view, an organization/company running Debian on
> their user/employee desktops would not schedule upgrades to a new
> stable on release day - 1 year of migration time is really necessary.
We already set some tighter deadlines, Chromium security support will
also end six months after the release of the next stable release.
But I agree with the general sentiment that this too much work to directly
commit to full security support. A first step would be to initially commit
to rebase to the latest LTS release in every point release. That would already
be an improvement.
Cheers,
Moritz
