On Thu, Feb 22, 2018 at 02:57:07PM +0100, Raphael Hertzog wrote: > Hello, > > On Tue, 20 Feb 2018, Moritz Mühlenhoff wrote: > > LTS has a clearly defined scope, while this is essentially contracting > > work to extend the life time of some packages for some customers. > > > > I don't see a compelling reason for it to run on Debian infrastructure. > > This was also my first feeling but if you include the CIP into > the picture, you can conceive this as a first step into a new direction. > Let me explain at the end. > > But assuming that we keep updates hosted on some debian.org host, do you > think it's OK to continue to use the security tracker to track > vulnerabilities in wheezy? > > On Tue, 20 Feb 2018, Joerg Jaspert wrote: > > If this would be "just" extending the current LTS ways for more time, > > then it would be OKish to stay on donated, voluntarily managed, > > infrastructure. After all it helps all users of wheezy with updates, > > nominally over all of wheezy. > > > > But the proposal is effectively just for a benefit of a few paying > > customers, with a very selected set of packages and architectures, all > > the rest lost out. Thats not ok to ask volunteers to support, nor > > is it ok to use projects infrastructure for. The companies that want it, > > should run it. > > Just to clarify, the set of packages/architectures supported is > effectively selected by the sponsors, but the resulting work is > made available to all. > > On Thu, 22 Feb 2018, Philip Hands wrote: > > I'm in favour of making it possible for our users to build structures > > that enable longer support periods if that's what they require. There > > would seem to be a need for an OS that would have support measured in > > decades rather than years, and we should not get in the way of Debian > > being that OS. > > Indeed. And it's the reason why I mentionned CIP in my initial mail. They > are not interested in longer support for wheezy (too early for them) but > they are interested in working with us and helping us to make this > possible as part of Debian. One of the persons I am in contact with > mentioned that CIP members could (at some point) contribute security > updates within Debian. > > Looking a bit further, I see a way forward where we have the security > team (first 3 years), the LTS team (next 2 years), CIP members (next 10 > years) taking over the charge of security updates for a given release. > > And indeed if we prepare the infrastructure for this by finding a way > to host the updates for wheezy for longer than expected, we pave the > way for CIP to take over security maintenance of our old releases. > > > I would however suggest that it should not be part of the normal mirror > > area, since: > > Ack on all this. That's why I suggested to keep only the part on > security.debian.org and drop the part on the main mirror. > But we can also consider setting up slts.debian.org (Super Long Term > Maintenance) and move wheezy entirely over there. > > Could this be a new DAK install managed by ftp-masters that would > be continued to be signed with the official wheezy key? Otherwise > it will be harder for users to transition if they have to install > a new key. Or is there a way to let another team manage the repository and > still get official signatures of the repositories? > > Cheers, > -- > Raphaël Hertzog ??? Debian Developer > > Support Debian LTS: https://www.freexian.com/services/debian-lts.html > Learn to master Debian: https://debian-handbook.info/get/ >
But what is "CIP"? My websearch did bring up "Clean In Place" and "Christelijk Intromatie Platform" ... Groeten Geert Stappers -- Leven en laten leven
