Web lists-archives.com

Re: next LTS version?

On Wed, Jul 04, 2018 at 11:22:29AM +0100, Tixy wrote:
> It's not quite 'fully supported'. The extra support (after the standard
> approx 3 years) is only for a subset of architectures and packages [1].
> Also, hat support isn't done by the Debian security team, which in my
> experience means that security updates can come day's or weeks after
> the Stable release gets them. (That isn't intended to be a criticism of
> the people working on LTS, just an observation so people considering
> relying on LTS know they may need to be a bit more proactive when
> security issues emerge.)
I have also seen the opposite happen plenty of times: the LTS package
gets an update before the stable package. 

That sort of thing has to do with the different workloads for each of
the teams.  As you point out, the Security team has responsibility over
more packages than the LTS team.  There are also plenty of instances
where the fix that applies to the package in one suite also applies to
the package in the other.  It might make sense to wait for the stable
fix to be completed and then applied to the LTS package.  That results
in less duplicate work.

Additionally, I have seen (actually prepared myself) a package where the
LTS patch was done before the security team even began to look at the
package in stable.  As a result, I applied the patches to the package in
stable and since they applied cleanly, I submitted it to the security
team.  The stable updated came several days after the LTS update of the
package because, as I am not a member of the regular Security team, one
of the team members had to review the changes.

Other members of the LTS team have done the same thing on various
packages at some point or another.

I simply want to point this out to prevent the impression that LTS
constantly lags behind stable.



Roberto C. Sánchez