Your message dated Tue, 11 Nov 2003 18:49:00 -0800
with message-id <[EMAIL PROTECTED]>
and subject line security update policy
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Nov 2003 23:27:27 +0000
>From [EMAIL PROTECTED] Tue Nov 04 17:27:26 2003
Return-path: <[EMAIL PROTECTED]>
Received: from conure.mail.pas.earthlink.net [207.217.120.54]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AHAa6-0007WN-00; Tue, 04 Nov 2003 17:27:26 -0600
Received: from lsanca1-ar17-4-61-195-020.lsanca1.elnk.dsl.genuity.net
([4.61.195.20] helo=fal.clawpaws.net)
by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
id 1AHAa5-0005sZ-00; Tue, 04 Nov 2003 15:27:25 -0800
Received: from fal.clawpaws.net ([EMAIL PROTECTED] [127.0.0.1])
by fal.clawpaws.net (8.12.10/8.12.10/Debian-1) with ESMTP id
hA4NROQC019575;
Tue, 4 Nov 2003 15:27:24 -0800
Received: from fal.clawpaws.net ([EMAIL PROTECTED])
by fal.clawpaws.net (8.12.10/8.12.10/Debian-1) with ESMTP id
hA4NRNv9019571;
Tue, 4 Nov 2003 15:27:24 -0800
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: "C.M. Connelly" <[EMAIL PROTECTED]>
From: "C.M. Connelly" <[EMAIL PROTECTED]>
Reply-To: "C.M. Connelly" <[EMAIL PROTECTED]>
Organization: The Debian Project
Subject: www.debian.org: Add Security Support Policy, EOL Information, Etc.
Date: Tue, 04 Nov 2003 15:27:23 -0800
Sender: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-9.9 required=4.0
tests=HAS_PACKAGE,MSG_ID_ADDED_BY_MTA_3,PGP_SIGNATURE
autolearn=ham version=2.53-bugs.debian.org_2003_11_03
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_11_03
(1.174.2.15-2003-03-30-exp)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: www.debian.org
Version: n/a
Severity: normal
With Red Hat announcing the end of their ``free'' Red Hat Linux
distribution, a lot of organizations that can't afford to move to
Red Hat Enterprise Linux are looking for alternatives.
One of the big things that people are looking for when considering
alternatives is a distribution's security support policy
(``errata'', in Red Hat's terminology) and information about the
lifespan of a particular release, including, if possible, specific
dates for a release's end-of-life.
It would be nice if Debian had such information linked fairly
prominently from the front page or from an appropriate subsection
(support?).
Claire
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Man cannot be civilised, or be kept civilised by what he does in his
spare time; only by what he does as his work.
W.R. Lethaby
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
C.M. Connelly [EMAIL PROTECTED] SHC, DS
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD4DBQE/qDXXzrFKeh3cmQ0RAh+jAJirSTUAKcsTZ/4t1qrQALoTtWabAJ9PvPKe
5MLEFUSpihk8kc4UUc0oBQ==
=mTsu
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 219198-done) by bugs.debian.org; 12 Nov 2003 02:45:29 +0000
>From [EMAIL PROTECTED] Tue Nov 11 20:45:28 2003
Return-path: <[EMAIL PROTECTED]>
Received: from zoot.lafn.org [206.117.18.6]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AJl0a-000534-00; Tue, 11 Nov 2003 20:45:28 -0600
Received: from catalunya (host-66-81-30-51.rev.o1.com [66.81.30.51])
by zoot.lafn.org (8.12.3p3/8.12.3) with ESMTP id hAC2jNLw037360;
Tue, 11 Nov 2003 18:45:24 -0800 (PST)
(envelope-from [EMAIL PROTECTED])
Received: from kraai by catalunya with local (Exim 3.36 #1 (Debian))
id 1AJl40-0000Co-00; Tue, 11 Nov 2003 18:49:00 -0800
Date: Tue, 11 Nov 2003 18:49:00 -0800
From: Matt Kraai <[EMAIL PROTECTED]>
To: Martin Schulze <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: security update policy
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL
PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.4i
Sender: Matt Kraai <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-4.1 required=4.0
tests=EMAIL_ATTRIBUTION,HTML_00_10,HTML_MESSAGE,
PATCH_UNIFIED_DIFF,QUOTED_EMAIL_TEXT
version=2.53-bugs.debian.org_2003_11_9
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_11_9
(1.174.2.15-2003-03-30-exp)
On Thu, Nov 06, 2003 at 09:27:35AM +0100, Martin Schulze wrote:
> Matt Kraai wrote:
> > On Wed, Nov 05, 2003 at 09:20:59AM +0100, Martin Schulze wrote:
> > > Matt Kraai wrote:
> > > > Howdy,
> > > >
> > > > I don't know that the security team has a policy for how long they
> > > > will support old-stable. For potato, they took a user survey and
> > > > discontinued support after about a year.
> > > >
> > > > Would someone on the security team please let us know if users can
> > > > expect a year of support for old-stable in the future as well?
> > >
> > > I guess that you can, assuming that no release is done in the
> > > meantime. we won't be able to support three releases, two is
> > > already difficult enough.
> >
> > I think it is safe to assume that we won't release more than once
> > a year in the near future. Therefore, would anyone object if I
> > added the following to the security FAQ? Claire, would this be
> > sufficient?
> >
> > Q: How long will security updates be provided?
> > A: Security updates will be provided for a given release for one
> > year after the next version is released.
>
> I'd rather forumlate it as follows:
>
> A: The Security Team tries to support a stable distribution for
> about one more year after a new stable distribution has been
> released, except when another stable distribution is released
> within this year. It is not possible to suppor three
> distributions, while supporting two simultaneously is already
> difficult enough.
>
> I guess this paragraph could use some improvements...
I've committed the following patch:
Index: faq.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/security/faq.wml,v
retrieving revision 1.31
diff -u -r1.31 faq.wml
--- faq.wml 17 Oct 2003 20:35:46 -0000 1.31
+++ faq.wml 12 Nov 2003 02:44:25 -0000
@@ -261,3 +261,11 @@
<p>A: The Debian security team consists of
<a href="../intro/organization">several officers and secretaries</a>.
The security team itself appoints people to join the team.
+
+<toc-add-entry name=lifespan>How long will security updates be
provided?</toc-add-entry>
+<p>A: The security team tries to support a stable distribution for
+ about one year after the next stable distribution has been
+ released, except when another stable distribution is released
+ within this year. It is not possible to support three
+ distributions; supporting two simultaneously is already difficult
+ enough.
Thanks for clarifying the security team's position.
--
Matt
