Security Support for Debian 3.1 to be terminated

Security Support for Debian 3.1 to be terminated

Posted Mar 3, 2008 5:41 UTC (Mon) by ikm (subscriber, #493)
In reply to: Security Support for Debian 3.1 to be terminated by sbergman27
Parent article: Security Support for Debian 3.1 to be terminated

> I would note that if Microsoft dropped support for a version of Windows after less than 3
> years we'd all be screaming bloody murder and talking about upgrade treadmills.

..unless these upgrades didn't require buying them and upgrading hardware in order to run
them. So I think this comparison is just not true -- these are not upgrades to begin with, but
instead some completely new systems.


Security Support for Debian 3.1 to be terminated

Posted Mar 3, 2008 16:25 UTC (Mon) by sbergman27 (subscriber, #10767) [Link]

No upgrade is free.  There are *always* costs associated with them, even when there are no
licensing costs involved.  So saying that Debian is a free upgrade doesn't really cut it.  Any
enterprise depending upon Debian is now being forced to spend money and human resources due to
Debian's relatively short life-cycle.

The reason I bring this up is that I often see Debian being pitched as an enterprise OS in the
same breath as RHEL and SLES.  This seems as good a time as any to point out a problem with
that pitch.  And it is one which is entirely addressable.

Someone else has already pointed out Ubuntu Server LTS, which I neglected to mention.  My
mistake.  But I'm not sure that Debian fans are going to be comfortable with the idea of
Ubuntu being the stable enterprise OS with Debian being classified as the fly-by-night option.
;-)

Also, someone below points out that they did not think that I was saying that there was
anything necessarily wrong with upgrades.  They are correct.  All actions and all policies
have consequences.  I am merely pointing out one of the consequences of a < 3 year OS
life-cycle policy.

It is not enough for the maintainer of an enterprise class OS to talk the talk.  They must
also walk the walk.  And long term support is very much a part of that walk.
 

Security Support for Debian 3.1 to be terminated

Posted Mar 3, 2008 20:42 UTC (Mon) by vmole (subscriber, #111) [Link]

> Any enterprise depending upon Debian is now being forced to spend money and human resources due to Debian's relatively short life-cycle.

Of course, they didn't pay anything up front (except the install resources, which would be similar for any distribution.) And during the supported time, they had security support and updates that didn't break existing systems. And now that they do have to upgrade, they're getting the smoothest upgrades available. And it's not like anyone *promised* them 7 year support...so I have a hard time seeing the valid complaints. Businesses are supposed to evaluate choices and make the best one, for their circumstances. If you want a Debian system with longer supported lifecycles, start a company and do it.

And I find it terribly amusing (and sad) that Debian can't win. They're giving away software and a huge amount of effort, and people either bitch about too many updates, or not enough.

Security Support for Debian 3.1 to be terminated

Posted Mar 3, 2008 22:11 UTC (Mon) by sbergman27 (subscriber, #10767) [Link]

"""
Of course, they didn't pay anything up front (except the install resources, which would be
similar for any distribution.)
"""

The human resources being the largest part of the lifetime cost of most any OS running on
commodity hardware.

"""
And during the supported time, they had security support and updates that didn't break
existing systems. And now that they do have to upgrade, they're getting the smoothest upgrades
available.
"""

Those statements are unproven.  Maybe they did have breakage.  And maybe they didn't.  And no
upgrade to a server with a complex config is ever really smooth.  There are always snags.  

"""
And it's not like anyone *promised* them 7 year support...
"""

That's for sure.  Debian tries to commit to as little as possible.

"""
Businesses are supposed to evaluate choices and make the best one, for their circumstances. If
you want a Debian system with longer supported lifecycles, start a company and do it.
"""

There is no point in my starting a company to provide an OS with long term support.  I just
use RHEL or CentOS when such is needed.  And I presume larger enterprises do the same.  (I'm
taking a wait and see attitude regarding Ubuntu Server LTS.)  You are really missing my point
in your haste to interpret my post as an attack upon Debian.  It is obvious to me, based upon
posts which I have read from time to time, which posit Debian as an enterprise class OS next
to RHEL, CentOS, and SLES, that a certain segment of the Debian community fancies Debian to be
an enterprise class OS.  To operate in that capacity, the distro maintainers must give
enterprise customers what they want.  And believe it or not, a nominal price tag or $0 with no
promises given comes pretty far down the list of features attractive to such a customer.  We
in the FOSS world really do lean too hard on the "Well, you didn't pay anything for it!"
excuse, and also upon the marketing value of a $0 price tag, which is, in fact, limited.

Instead of saying that enterprises should evaluate their needs and select accordingly, it
seems to me that it would be more beneficial to consider giving the enterprise customers what
they want.  That is assuming that Debian *wants* to be considered an enterprise OS.  If they
do not, then that is OK.  I'm only going by evidence that I see that some in the Debian
community view it as such.

"""
And I find it terribly amusing (and sad) that Debian can't win. They're giving away software
and a huge amount of effort, and people either bitch about too many updates, or not enough.
"""

It really is not the catch 22 that you depict.  And RedHat's policies can be held up as an
example of what would be required:  A somewhat predictable release cycle of about 18-24
months, and at least 5 years support for each release.  RedHat provides 7 years, in three
phases:

http://tinyurl.com/28orla

And considering RedHat's excellent customer loyalty rating, I would say that the recipe which
they use is a good one.

Security Support for Debian 3.1 to be terminated

Posted Mar 3, 2008 22:57 UTC (Mon) by vmole (subscriber, #111) [Link]

Of course the human resource is the biggest cost in any large installation. But those costs are ongoing regardless of the distribution, and it is not unreasonable that for a large installation, the cost of an upgrade every three years instead of six is evaluated as being less than the cost of "Enterprise Class" OS licenses. And while support contracts may be desirable to some enterprise customers, to some they're not. They have in-house expertise, and while the vendor license isn't a big fraction of the total cost, it is, to some, pure waste.

(Originally, I wrote a few paragraphs arguing that the Debian upgrades were definitely smoother and easier than RH. But then we'd just end up arguing details and preferences, so why bother.)

> To operate in that capacity, the distro maintainers must give enterprise customers what they want.

Debian maintainers give their customers *exactly* what they want. That's because Debian maintainers *are* the customers. Some of them work for large enterprises, and some of them don't. The fact that many others find the distribution useful is a bonus. But they're not the customers. That's the whole point: Debian is NOT a commercial distribution. If Debian is not suitable for your purposes, DON'T USE IT. I don't care.

Security Support for Debian 3.1 to be terminated

Posted Mar 4, 2008 0:31 UTC (Tue) by ikm (subscriber, #493) [Link]

I totally agree with you when you say that Debian is not an enterprise OS -- of course it
isn't. Enterprise offerings are about guarantees and support -- that's definitely not Debian,
which comes with no warranties and no support promises whatsoever.

On a different note, I would like to note that upgrading sarge to etch and upgrading xp to
vista are two wholly different experiences with two completely different results, and that is
what I was actually talking about.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds