Clint Byrum <spam...@debian.org> writes: > Most places as large and tech-savvy as Dreamhost are happy to maintain > something at the core of their business like a webserver > (i.e. nginx). It is glibc, gcc, sshd, the kernel, bash, etc., that they > don't want to have to think about.
> The 2 year cadence has left users with very little time to actually > capitalize on their investment when upgrading. If one has 10 apps to > test and roll out on the new stable, and each app takes 1 month to get > there, and one starts immediately on release day, one now has 14 months > to recoup that time investment before one must start again. The only > real answer that makes sense is to continuously deploy on unstable, but > then you will suffer when a massive breaking transition begins. > Those 5 year cycles just give users more cushion. Not that it helps with our marketing posture here, but my experience in seeing what people actually *do* with Ubuntu LTS is that they run it for five years with exactly the software that shipped with it. They do *not* maintain their own versions of non-core software that has had security problems. Rather, they just blindly assume that LTS having security support for five years means that, as long as they regularly upgrade, they don't have to worry about security. They therefore end up running various non-core software with open security vulnerabilities. This is mostly neither here nor there, since we're not Ubuntu and can't change anything about their model. However, as a Debian Developer, I would be extremely uncomfortable about having tiers of security support for our packages were we to try to duplicate something like LTS. I believe the actual effect on the users (unintended though it may be) is to deceive them into thinking they have security support when they don't. Debian currently provides security support for the whole archive as best as we can for the life of our stable release, and I don't think we should relax that standard to increase the lifetime of stable. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/871u5pmmlf....@windlord.stanford.edu
