On Mon, Feb 19, 2018 at 10:16:56PM +0200, Adrian Bunk wrote: > On Mon, Feb 19, 2018 at 08:40:12PM +0100, Michael Meskes wrote: > >... > > > An example what "no security support" means in practice: > > > > I don't think anyone suggest "no security", but something like > > "security by upstream releases". > > How can you guarantee that to our users for buster until mid-2022? > > This only works when upstream provides an LTS branch covering the > lifetime of the Debian release. > > Debian already does "security by upstream releases" for Firefox, > and this clearly shows why this is problematic:
Also PostgreSQL, formerly MySQL, OpenJDK, etc. Some go smoothly (I think PostgreSQL upstream is very good here), and some do not. Regards, -Roberto -- Roberto C. Sánchez
