On Fri, Feb 28, 2003 at 11:48:28AM +0200, Johann Spies wrote: > The article "New Linux support policies are ominous" by Jon Lasser, > Security Focus Online at > http://www.theregister.co.uk/content/61/29330.html is disturbing. It > highlights new support policies from Mandrake and Redhat that is bad > for the reputation of Linux in the industry. There is also a > reference to Debian in it which underline the author's concern.
This article has already been discussed on debian-security (IIRC). Note that the author's comments refer to the release of potato, not woody. I notice the author doesn't lambast Microsoft and other commercial vendors for not supported outdated versions of their software. I wonder why not? > What exactly is Debian's policy regarding security support for older > versions? I know there is still support for potato, but for how long? Again IIRC (I'm too lazy to look it up; feel free to do the research) debian has said they will support potato for one year, which is until July 2003. > What are the opinions of users of this list about the issue? 1) Using old[1] software is probably not the best security stance. 2) debian upgrades are relatively painless[2], especially compared to other distributions. Thus the cost of upgrading is diminished. 3) I see a commercial opportunity for third parties here. If there really is a massive demand for support of old RedHat/Mandrake/SuSE/ debian/whatever releases, someone should download the source, start backporting bugfixes, determine a suitable fee, and advertise their service. If people would rather upgrade than pay ... well, I guess that upgrade wasn't so expensive after all, was it? Note that it is impossible for third parties to support old software that is not open source. [1] old as in ancient, as opposed to old as in stable[3] [2] If there is pain, it is almost always documented! RTFM of course. [3] as in debian stable :-) -- Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED] We're sysadmins. To us, data is a protocol-overhead. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
