Web lists-archives.com

Re: Confusing our users - who is supporting LTS?

]] Noah Meyerhans 

> To be clear, the ongoing cost to the cloud team of dealing with jessie
> on AWS (where this issue originally came up) has been exactly zero,
> afaict. That is, we haven't actually updated anything in >18 months.
> Users who launch a jessie image there get 8.7, with 106 pending updates.
> As long as LTS exists and users are happy with it, there's nothing
> strictly wrong with this situation. They should update their instances
> and reboot, but from there, they are free to continue using them in
> relative safety.

I disagree with the statement that there's nothing wrong with this.

We should not be in the business of distributing known-vulnerable
software.  There are practical considerations around point releases and
such which makes this not-really-true for a period of time after there's
a security update out, but this gets converged at each point release. If
you look cdimage.d.o, we are only distributing the latest point release.
I think the same standard should apply to cloud images.

Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are