Extended Long Term Support for Wheezy

2018-02-20 Thread Raphael Hertzog
[ Bcc to ftpmasters, wanna-build team, DSA team, LTS team, security team
  to catch their attention ]

Hello,

some of the LTS sponsors are looking to extend the support period of
Debian 7 Wheezy (from a few months up to a full year). Some of the LTS
sponsors (notably Plat'Home, Toshiba) are also members of the Civil
Infrastructure Project which wants to build an "open source base layer
(OSBL) for embedded systems" that would be supported for 15 years or more
("super long-term maintenance", SLTS in their jargon) and it looks like
Debian is their reference distribution to build this:
https://wiki.linuxfoundation.org/civilinfrastructureplatform/cip-core

I queried the current set of paid contributors and we have enough
volunteers (6) to actually make this "extended LTS" happen for one
supplementary year, at least from the "providing security updates" side.

The problem is that this extension would not work like the regular
LTS period. Due to the decreased interest for this extension, we would
only support the set of packages requested by the sponsors and the
sponsors will have to pay their (varying) share of the workload generated
by the packages they use.

Our question is whether this can be done on debian.org infrastructure.
All sponsors and CIP members would largely prefer if we could continue
to provide security updates through the usual debian.org channels. It's
also the best way to let everybody benefit from the work done within
this project. But it might be a bit misleading given that the rules would
have again changed.

So here are a few questions to the various teams:

- for ftpmasters, can we keep wheezy/updates on security.debian.org for
  one year more?  (it might be possible to archive wheezy and drop it from
  the main mirror, that would be a clear sign to everybody that something
  important changed, and we could reconfigure the buildd to use another
  repository)

- for security team, can we continue to use the security tracker for
  wheezy for one year more? (or even longer in the context of CIP)

- for buildd/DSA teams, can we keep wheezy buildds (only amd64/i386 has
  been requested so far) for one year more?

- are there other problems related to this extended LTS that need to be
  discussed?

I'm happy to answer any question that you might have.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Fw: Extended Long Term Support for Wheezy

2018-02-20 Thread Jens Korte
Wrong ML before.

Begin forwarded message:

Date: Tue, 20 Feb 2018 16:52:02 +0100
From: Jens Korte
Cc: debian-de...@lists.debian.org
Subject: Re: Extended Long Term Support for Wheezy


Hi

How would you organize and call it in the wiki name space, ELTS,
extended LTS, LTS? Would you use the normal LTS name space and make no
difference? LTS is on the one side the name for the support after
oldstable and on the other side the general name for LTS and ELTS.

Greets

Jens Korte

On Tue, 20 Feb 2018 16:07:03 +0100,
Raphael Hertzog wrote:

> [ Bcc to ftpmasters, wanna-build team, DSA team, LTS team, security
> team to catch their attention ]
> 
> Hello,
> 
> some of the LTS sponsors are looking to extend the support period of
> Debian 7 Wheezy (from a few months up to a full year). Some of the LTS
> sponsors (notably Plat'Home, Toshiba) are also members of the Civil
> Infrastructure Project which wants to build an "open source base layer
> (OSBL) for embedded systems" that would be supported for 15 years or
> more ("super long-term maintenance", SLTS in their jargon) and it
> looks like Debian is their reference distribution to build this:
> https://wiki.linuxfoundation.org/civilinfrastructureplatform/cip-core
> 
> I queried the current set of paid contributors and we have enough
> volunteers (6) to actually make this "extended LTS" happen for one
> supplementary year, at least from the "providing security updates"
> side.
> 
> The problem is that this extension would not work like the regular
> LTS period. Due to the decreased interest for this extension, we would
> only support the set of packages requested by the sponsors and the
> sponsors will have to pay their (varying) share of the workload
> generated by the packages they use.
> 
> Our question is whether this can be done on debian.org infrastructure.
> All sponsors and CIP members would largely prefer if we could continue
> to provide security updates through the usual debian.org channels.
> It's also the best way to let everybody benefit from the work done
> within this project. But it might be a bit misleading given that the
> rules would have again changed.
> 
> So here are a few questions to the various teams:
> 
> - for ftpmasters, can we keep wheezy/updates on security.debian.org
> for one year more?  (it might be possible to archive wheezy and drop
> it from the main mirror, that would be a clear sign to everybody that
> something important changed, and we could reconfigure the buildd to
> use another repository)
> 
> - for security team, can we continue to use the security tracker for
>   wheezy for one year more? (or even longer in the context of CIP)
> 
> - for buildd/DSA teams, can we keep wheezy buildds (only amd64/i386
> has been requested so far) for one year more?
> 
> - are there other problems related to this extended LTS that need to
> be discussed?
> 
> I'm happy to answer any question that you might have.
> 
> Cheers,  



Re: Fw: Extended Long Term Support for Wheezy

2018-02-20 Thread Raphael Hertzog
Hello Jens,

On Tue, 20 Feb 2018, Jens Korte wrote:
> How would you organize and call it in the wiki name space, ELTS,
> extended LTS, LTS? Would you use the normal LTS name space and make no
> difference? LTS is on the one side the name for the support after
> oldstable and on the other side the general name for LTS and ELTS.

I think it's a bit early to answer this question. It really depends
on how much of this effort is going to happen on debian.org
infrastructure.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



LTS Report for February 2018 - Abhijith

2018-02-20 Thread Abhijith PA

My first month as a paid contributor! I was assigned 8h and I spent
all of them on the following.

* simplesamlphp: Backport CVE-2017-18122, CVE-2017-18121,
  CVE-2018-6521, test and release DLA 1273-1[1]

* mailman: Backport CVE-2018-5950, test and release DLA 1272-1[2]

* leptonlib: Patch for CVE-2018-3836, test and release DLA 1284-1[3]

* golang: Research on CVE-2018-7187.

Thanks to Markus Koschany and Roberto C. Sánchez for sponsoring packages.


-Abhijith PA

[1] https://lists.debian.org/debian-lts-announce/2018/02/msg8.html
[2] https://lists.debian.org/debian-lts-announce/2018/02/msg7.html
[3] https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html



Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Raphael Hertzog
(this reply on debian-lts, not on debian-devel)

On Tue, 20 Feb 2018, Raphael Hertzog wrote:
> some of the LTS sponsors are looking to extend the support period of
> Debian 7 Wheezy (from a few months up to a full year).

FWIW, I published a blog post with more details about how it will
work from the sponsor's point of view:
https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/

Do people think that we should relay that information on
debian-lts-annou...@lists.debian.org ?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Markus Koschany


On 20.02.2018 at 18:10, Raphael Hertzog wrote:
> (this reply on debian-lts, not on debian-devel)
> 
> On Tue, 20 Feb 2018, Raphael Hertzog wrote:
>> some of the LTS sponsors are looking to extend the support period of
>> Debian 7 Wheezy (from a few months up to a full year).
> 
> FWIW, I published a blog post with more details about how it will
> work from the sponsor's point of view:
> https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/
> 
> Do people think that we should relay that information on
> debian-lts-annou...@lists.debian.org ?

Sure. This and perhaps even a link to the discussion on debian-devel so
that potential users of ELTS can participate in the discussion and
present their point of view.

Regards,

Markus





Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Vincent Bernat
 ❦ 20 February 2018 18:10 +0100, Raphael Hertzog:

>> some of the LTS sponsors are looking to extend the support period of
>> Debian 7 Wheezy (from a few months up to a full year).
>
> FWIW, I published a blog post with more details about how it will
> work from the sponsor's point of view:
> https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/

Limiting ELTS access to sponsors seems quite incompatible with using any
Debian resource for that. Is that really the meaning of the last
paragraph?
-- 
Keep it right when you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)




Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Alexander Wirt
On Tue, 20 Feb 2018, Vincent Bernat wrote:

>  ❦ 20 February 2018 18:10 +0100, Raphael Hertzog:
> 
> >> some of the LTS sponsors are looking to extend the support period of
> >> Debian 7 Wheezy (from a few months up to a full year).
> >
> > FWIW, I published a blog post with more details about how it will
> > work from the sponsor's point of view:
> > https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/
> 
> Limiting ELTS access to sponsors seems quite incompatible with using any
> Debian resource for that. Is that really the meaning of the last
> paragraph?
If it's true, please stop using any Debian resources.

Thanks

Alex





Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Markus Koschany


On 20.02.2018 at 18:39, Vincent Bernat wrote:
>  ❦ 20 February 2018 18:10 +0100, Raphael Hertzog:
> 
>>> some of the LTS sponsors are looking to extend the support period of
>>> Debian 7 Wheezy (from a few months up to a full year).
>>
>> FWIW, I published a blog post with more details about how it will
>> work from the sponsor's point of view:
>> https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/
> 
> Limiting ELTS access to sponsors seems quite incompatible with using any
> Debian resource for that. Is that really the meaning of the last
> paragraph?

No, this is not what Raphael has written. The point made is that all
security fixes will benefit every user of ELTS and there are no access
restrictions when Debian's infrastructure is used. (See his post on
debian-devel.) However, if you like to see a certain package supported
during the ELTS lifecycle then you should be a regular LTS sponsor as
well because without regular support ELTS would not be possible.

Regards,

Markus





Re: Extended Long Term Support for Wheezy

2018-02-20 Thread Vincent Bernat
 ❦ 20 February 2018 22:02 +0100, Markus Koschany:

>>> FWIW, I published a blog post with more details about how it will
>>> work from the sponsor's point of view:
>>> https://raphaelhertzog.com/2018/02/20/time-to-join-extended-long-term-support-for-debian-7-wheezy/
>> 
>> Limiting ELTS access to sponsors seems quite incompatible with using any
>> Debian resource for that. Is that really the meaning of the last
>> paragraph?
>
> No, this is not what Raphael has written. The point made is that all
> security fixes will benefit every user of ELTS and there are no access
> restrictions when Debian's infrastructure is used. (See his post on
> debian-devel.) However, if you like to see a certain package supported
> during the ELTS lifecycle then you should be a regular LTS sponsor as
> well because without regular support ELTS would not be possible.

My bad. I suggest replacing "it would not be possible to get extended
wheezy support" by "it would not be possible to sponsor extended wheezy
support".
-- 
Don't compare floating point numbers just for equality.
- The Elements of Programming Style (Kernighan & Plauger)

