On March 10, 2008 04:58:28 pm Török Edwin, you wrote:
> Filipus Klutiero wrote:
> > free distros if you want. Let's take these 3 which are not too far from
> > Debian's quality:
> > RHEL and derivatives: 7 years
>
> Rather than using a 7 year old product with security updates, you can
> use a newer stable release [*].
> For Debian when security support ends, there is a new stable release
> available for at least a year.
> Upgrading from oldstable to stable is supported. During that year you
> had plenty of time to test upgrading from "oldstable" to the new
> "stable" release.
>
> IMHO if there is a new stable release available for a reasonable time (1
> year is more than reasonable), then having longer security support for
> an old release doesn't add to a distribution's quality.

It does add a bit, for these ~1% users that didn't upgrade yet.

> The Debian security team should definitely be proud for doing a good job!
>
> [*] Also the old product can have vulnerabilities that do not affect the
> latest stable, (for example portions of code got rewritten to be more
> robust),
> and thus the old product won't get security updates. But are you safer
> using the old product?

No. My point is not that users shouldn't upgrade or that Debian releases should be supported for longer. I'm just pointing out that it's useless/misleading to state the project is proud of the security support duration.

> No, because if somebody writes an exploit for it (the old product) you
> are not protected; however if you are using a newer stable release, you
> wouldn't be affected by it at all.
>
> There are other factors to consider, like length of security support
> from upstream for old releases.
>
> > Debian is somewhat better than openSUSE, equal or slightly worse than
> > Ubuntu and definitely worse than RHEL and derivatives. So on average,
> > Debian is somewhat worse than its main alternatives in this aspect. IMO
> > one shouldn't show off unless being at least a bit above average.
>
> IMHO you can't judge a distribution's quality based on the length of
> security support alone.

Of course... note the "in this aspect". All we are/should be discussing here is the security support duration of oldstable, not Debian's quality. If I didn't think that Debian was the best, I wouldn't use it nor bother reporting its bugs.

