On 12/16/2013 06:27 PM, Christoph Lechleitner wrote:
Regarding our business model: Using Debian on those customer systems
was not our choice, it was the customer's. But we recommended it
Debian is a great choice :)
My comment was about the decision to remain on oldstable for such a long
time (well beyond EOL, if those squeeze systems are going to be
maintained for upcoming *years* from now). Getting into the situation
of maintaining your own repository with custom backports, near or beyond
EOL, is not to be taken lightly - I've done this for work as well, and
it paid off for us to do this for as short of a time as possible. That
business practice was changed to move to the next stable release as soon
as humanly possible and eliminating our own OS maintenance.
Thanks for the links. I can see why the c_hash problem really forces
the nagging dependency on curent openssl binary packages.
Yep. It seems that the CKA_LABEL changes occurred after squeeze was
released, so while some certdata2pem.py hacking is required for newer
certdata.txt releases from Mozilla, an update with just the new Mozilla
CA bundle (and perhaps removing a few expired CAs) is not unreasonable.
It's just a matter of gathering up some of my volunteer time to do so ;)
If I recall, it was a little while after squeeze was released that I
adopted ca-certificates, so most of my attention has been incremental
improvement for the wheezy release, as well as timely updates to git
with periodic releases to sid. A new release to sid should be "soon",
since I need to get the latest Mozilla certdata uploaded, and I will
look at a squeeze update as soon as I can, so it's at least relatively
current when squeeze gets archived.
--
Kind regards,
Michael
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
