On Sun, Jan 06, 2013 at 01:54:34PM +0800, Thomas Goirand wrote: > I agree on all what you said (eg: difficulties in doing such a maintenance, > the fact we don't have unlimited manpower, etc.), but I'm still convince it > would be worth a try. > > On 01/06/2013 04:39 AM, Neil Williams wrote: > > It's not about prohibiting updates, it's that most maintainers don't > > have time to support deprecated versions. > > How about allowing anyone to work on any package in very-old-stable? > > This might work at least for a few key packages, which some > users badly need. For example, I'd like to provide backports > for bind if it has a major hole.
I disagree. It shouldn't not be some private repository in a dark corner of teh interwebs, it must be an official thing with a mandatory apt line during the installation. Too many people I otherwise respect use lenny (or etch!) on production network-facing servers, no matter how often I scream at them. And if they'll get rooted, there'll be stink about Debian's lack of security. The upgrade window is only 12 months, that's ridiculously short in many environments (corporate with its inertia, small setups where admins are starved for tuits). > It's probable that others will want to updates for apache, postfix, and > stuff like that as well. Ie, anything that is likely to be vulnerable remotely. > Anyone maintaining a large amount of servers will see value > in this (eg: better than nothing). I'd say admins with just one or two servers are more vulnerable, as they won't know about the issue in the first place. > The idea isn't to keep quality as high as we have for stable > or old-stable. The idea isn't to keep the same maintenance > rules either. It's about allowing what can be done to happen. It's impossible to maintain several tens of thousands of packages with the usual level of quality, yes. Doing that for several tens of packages can be done for a decade or two. Thus, I propose: what about adding such an empty repository to wheezy's apt sources NOW? In a few years, when wheezy becomes retired oldstable, there will be time to decide whether to use that repository or not. Or alternatively, you could revive lenny-security -- this has the upside of not adding new entities, and a downside of announcements being not as loud as a 404. -- How to squander your resources: those silly Swedes have a sauce named "hovmästarsås", the best thing ever to put on cheese, yet they waste it solely on mere salmon. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130106130839.ga11...@angband.pl
