
Debian security survey results

From:  Martin Schulze <joey@infodrom.org>
To:  Debian Development Announcements <debian-devel-announce@lists.debian.org>
Subject:  Results from the Security Survey last Year
Date:  Mon, 17 Feb 2003 08:17:05 +0100

------------------------------------------------------------------------
Debian Security Survey                                   joey@debian.org
http://www.debian.org/security/                           Martin Schulze
February 17th, 2003                   http://www.debian.org/security/faq
------------------------------------------------------------------------

Results from the Security Survey last Year
http://lists.debian.org/debian-devel-announce-0211/msg00001.html
================================================================


Counted votes total        : 153
Votes used for calculations: 130

Too many people (about 100) didn't supply proper dates but used free
text for responses to the questions I initially asked.  Hence, their
answers need to be interpreted into a date or ignored.

Assuming "forever" as December 31st, 2003 we get these results:

------------------------------------------------------------
Wait upgrading approximately until   : March 15, 2003
Want support for potato approx. until: March 11, 2003
------------------------------------------------------------

The results vary a little bit if the answer is weighted by the number
of potato machines these people maintain:

------------------------------------------------------------
Wait upgrading approximately until   : November 3, 2003
Want support for potato approx. until: October 23, 2003
------------------------------------------------------------

However, one person answered the questions and revealed that he
maintains some 4000 machines running potato that he cannot simply
upgrade to woody.  He will replace the machines with woody systems,
though, in case of failures.  So, removing this answer, the results
(still weighted) become:

------------------------------------------------------------
Wait upgrading approximately until   : June 11th, 2003
Want support for potato approx. until: May 2nd, 2003
------------------------------------------------------------

If the interpretation of "forever" is changed into December 31st,
2004, the calculated results (still weighted) will move up again:

------------------------------------------------------------
Wait upgrading approximately until   : September 18, 2003
Want support for potato approx. until: May 27, 2003
------------------------------------------------------------

In general it seems that many Debian administrators would rather like
to stay with the old stable release before upgrading, for about one
year after a new stable version has been released.  This places a
heavy burden on the security team which has to support the old stable
distribution for one year.  This means, supporting two distributions
(including all architectures) for one year after a new stable
distribution has been released.

Conclusion

I will probably continue to support potato with security updates at
least until end of June 2003 and I hope that the other members of the
Security Team will do the same.  This means that we support potato for
an additional 12 months after the release of woody, which is much more
than users can expect from a group of volunteers who only work on the
system for the sake of it.

However, since investigating, correcting and fixing packages for two
entirely different code bases needs to be done, supporting woody and
potato is very time consuming and you should not expect security
updates for potato after the end of June 2003.  You should have
upgraded to woody anyway.

Regards,

	Joey

-- 
Life is too short to run proprietary software.  -- Bdale Garbee
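The calculation the announcement describes, as an added Python example that is not code from the Debian Security Team or from the original message. The responses, the two "forever" sentinel dates and the outlier threshold are constructed assumptions; only the "want support for potato until" question is modelled, and dates are averaged as day ordinals with integer round-half-up so the results are exact.

```python
"""Weighted-mean survey dates, in the style of the Debian potato security survey."""
from datetime import date

# Constructed sample data, not the real survey responses.
# Each tuple: (number of potato machines maintained, requested support-until answer).
# "forever" is a free-text answer that has to be mapped to a sentinel date.
SAMPLE_RESPONSES = [
    (2, date(2003, 3, 1)),
    (5, date(2003, 6, 1)),
    (1, "forever"),
    (4000, date(2004, 1, 1)),   # one respondent with a very large fleet (assumed)
]


def interpret(answer, forever):
    """Map a response to a concrete date; the free-text 'forever' becomes the sentinel."""
    if isinstance(answer, date):
        return answer
    if isinstance(answer, str) and answer.strip().lower() == "forever":
        return forever
    raise ValueError(f"uninterpretable answer: {answer!r}")


def mean_date(responses, forever, weighted=False, max_machines=None):
    """Mean of the requested dates, optionally weighted by machine count.

    Dates are averaged as proleptic-Gregorian ordinals (days) using integer
    arithmetic with round-half-up, so the result is exact and reproducible.
    When max_machines is set, respondents maintaining more machines than that
    are dropped, mirroring the announcement's removal of the 4000-machine answer.
    """
    total = 0
    weight_sum = 0
    for machines, answer in responses:
        if max_machines is not None and machines > max_machines:
            continue
        w = machines if weighted else 1
        total += w * interpret(answer, forever).toordinal()
        weight_sum += w
    if weight_sum == 0:
        raise ValueError("no responses left after filtering")
    return date.fromordinal((total + weight_sum // 2) // weight_sum)


def summarize(responses=SAMPLE_RESPONSES):
    """Reproduce the four views the announcement reports, on the sample data."""
    forever_2003 = date(2003, 12, 31)   # the announcement's first interpretation
    forever_2004 = date(2004, 12, 31)   # its second interpretation
    return {
        "unweighted, forever=2003-12-31":
            mean_date(responses, forever_2003),
        "weighted, forever=2003-12-31":
            mean_date(responses, forever_2003, weighted=True),
        "weighted, outlier dropped, forever=2003-12-31":
            mean_date(responses, forever_2003, weighted=True, max_machines=1000),
        "weighted, outlier dropped, forever=2004-12-31":
            mean_date(responses, forever_2004, weighted=True, max_machines=1000),
    }


if __name__ == "__main__":
    for label, d in summarize().items():
        print(f"{label:48s} {d:%B %d, %Y}")
```

Running the script prints the four views side by side. On the sample data the weighted mean is pulled almost a year later by the single large-fleet respondent and snaps back once that answer is dropped, which is the same sensitivity the announcement is reporting, and it shows why the choice of sentinel date for "forever" has to be stated with the results.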



Debian security survey results

Posted Feb 18, 2003 15:06 UTC (Tue) by smoogen (subscriber, #97)

Having just had to maintain 3 internal versions of Kerberos and OpenSSH.. I know what kind of pain this is. Good luck to the security team.. they need a PayPal account for the pain they will be going through.

Debian security survey results

Posted Feb 18, 2003 17:26 UTC (Tue) by JoeBuck (subscriber, #2330)

Just stunning: "Assuming "forever" as December 31st, 2003 ..."

Let me get this straight: anyone asking for potato to have security updates forever was assumed to be asking for security updates for only ten months?

Debian security survey results

Posted Feb 18, 2003 18:09 UTC (Tue) by rknop (guest, #66)

Let me get this straight: anyone asking for potato to have security updates forever was assumed to be asking for security updates for only ten months?

If you ask for something which is obviously utterly unrealistic, you should be happy not to have been just ignored.

Obviously they aren't going to support Potato forever. Obviously nobody's going to be running a Potato machine forever. (Eventually, if physicists are right, all the protons in those machines will have decayed to photons and neutrinos and maybe other things, and they won't run any more.) So be more realistic: what do you really need? Two more years? Five more years? and then state that.

If there's enough of a demand out there for longer term support, people who want it should make noise. The Debian security team won't do it for reasons they've stated, but they surely won't stand in the way of anybody else who wants to do it. If there's enough demand, somebody else may see the benefit of providing a for-pay sysadmin service that will provide security patches for these older machines.

The truth is, Debian is different from Red Hat in one fundamental way. When a new "stable" Debian is released, it is very safe to just upgrade to it. In contrast, with Red Hat, the wise person waits for release x.2, never installing release x.0. Therefore, six months or a year of support for the previous stable release of Debian should be more than enough, whereas with Red Hat, it really ought to be support for everything back to the previous x.2 release for six months or a year after the next x.2 release comes up.

-Rob

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds