Re: Confusing our users - who is supporting LTS?
- Date: Wed, 24 Oct 2018 08:09:23 -0400
- From: Michael Stone <mstone@xxxxxxxxxx>
- Subject: Re: Confusing our users - who is supporting LTS?
On Tue, Oct 23, 2018 at 10:05:35PM +0200, Tollef Fog Heen wrote:
We should not be in the business of distributing known-vulnerable
software. There are practical considerations around point releases and
such which makes this not-really-true for a period of time after there's
a security update out, but this gets converged at each point release. If
you look cdimage.d.o, we are only distributing the latest point release.
I think the same standard should apply to cloud images.
It does; they are distributing the latest (lastest) point release. As
you already stipulated, this is no different than the normal state of
stable, which is only secure if you update & upgrade with security
IMO, the main benefits of point releases are that 1) they reduce the
amount you need to download if you are installing from an iso and 2)
they are an opportunity to introduce *non* security updates into stable.
I'm not sure that either of these are relevent in the context of this