On Thu, Dec 14, 2023 at 12:48:08PM -0700, Soren Stoutner wrote: >... > This plan does not address oldstable security support. >...
Non-LTS oldstable is the 3rd year of stable security support, this is required for giving users time to schedule the invasive upgrades to a new Debian stable at a convenient time. LTS oldstable (after regular security support has ended) is a paid endeavour outside the scope of what Debian volunteers are expected to support. >... > 3. When the LTS in stable is no longer supported, security patches can be > backported from the current LTS to the one in stable. > > This sounds like a doable amount of security work and I would be willing to > undertake it. >... By calling this "doable" you are demonstrating that you do not fully grasp why browser engines are considered unsupportable. In recent years, chromium had on average more than 1 CVE per day: https://security-tracker.debian.org/tracker/source-package/chromium > Soren Stoutner cu Adrian
