Odp.: [SECURITY] [DSA 2315-1] openoffice.org security update
Y. Wysłano z BlackBerry® w Orange -Original Message- From: Giuseppe Iuculano iucul...@debian.org Date: Wed, 5 Oct 2011 16:14:50 To: debian-security-annou...@lists.debian.org Reply-To: debian-security@lists.debian.org Subject: [SECURITY] [DSA 2315-1] openoffice.org security update -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2315-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano October 05, 2011 http://www.debian.org/security/faq - - Package: openoffice.org Vulnerability : multiple vulnerabilities Problem type : remote Debian-specific: no CVE ID : CVE-2011-2713 Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office. For the oldstable distribution (lenny), this problem has been fixed in version 1:2.4.1+dfsg-1+lenny12. For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze4. For the testing distribution (wheezy), and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your openoffice.org packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6MZloACgkQNxpp46476aquFACePG1/V0rwdm5fHcCD/1Z6JwdM 9HkAnicN4tRFTNJlamHHe7TnBnFZmQS0 =vJkV -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111005141450.ga25...@sd6-casa.iuculano.it
Re: Debian LTS?
Hi all, a Debian LTS-Version would be so welcome and is definitly something that's missing for Debian. best, Werner Am 04.10.11 12:59, schrieb Dominic Hargreaves: Hi all, I recall coming across the proposal/discussion in http://wiki.debian.org/DebianSecurity/Meetings/2011-01-14 shortly after that wiki page was published, and thought it was something which was worth persuing. I don't *think* I saw a follow-up email about it to debian-private or a -bits mail, so I assume that noone had the time to take it forward, but I thought it was worth checking whether anything had happened. Are there others on this list who would be willing to help support such an initiative? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8c903d.1040...@aloah-from-hell.de
Re: Debian LTS?
On 05/10/11 19:13, wer...@aloah-from-hell.de wrote: Hi all, a Debian LTS-Version would be so welcome and is definitly something that's missing for Debian. best, Werner Isn't it called stable ? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8c9ad7.6020...@rail.eu.org
Re: Debian LTS?
Isn't it called stable ? I was thinking that too, but reading the link, it seems that the idea for LTS is 5 years. Currently a distribution is supported while it is stable, plus the time the security team will support it in oldstable before it is archived. http://wiki.debian.org/DebianOldStable says that oldstable is usually maintained for about a year. IIRC, the current release schedule has stable releases 2 years apart, so total maintenance time is 2 years (stable) + 1 year (oldstable) = 3 years. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/45dc4ab0-b050-4657-a9c6-97b33d320...@ryanhiebert.com
Re: Debian LTS?
On Wed, Oct 05, 2011 at 07:58:47PM +0200, Erwan David wrote: On 05/10/11 19:13, wer...@aloah-from-hell.de wrote: a Debian LTS-Version would be so welcome and is definitly something that's missing for Debian. Isn't it called stable ? In the context, LTS means a longer support life than typical stable releases (eg 5 years, rather than the 2-3 that stable gets at the moment). -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111005180924.gs14...@urchin.earth.li
Re: Debian LTS?
Hi, IIRC, the current release schedule has stable releases 2 years apart, so total maintenance time is 2 years (stable) + 1 year (oldstable) = 3 years. And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. Bye, Werner -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8caadb.30...@aloah-from-hell.de
Re: Debian LTS?
Hi, IIRC, the current release schedule has stable releases 2 years apart, so total maintenance time is 2 years (stable) + 1 year (oldstable) = 3 years. And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. Maybe for you... in one bigger setup here... we use Debian and plan updates every 2/3 years without problems. Regards, Brivaldo Junior -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAPBG-pwHbFHOG4-kCCMKQe41dQ3=y1k-wzr_p4zxpcv3c8n...@mail.gmail.com
Re: [SECURITY] [DSA 2315-1] openoffice.org security update
I assume this would include LibreOffice? – Chris On Wed, Oct 5, 2011 at 9:14 AM, Giuseppe Iuculano iucul...@debian.orgwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2315-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano October 05, 2011 http://www.debian.org/security/faq - - Package: openoffice.org Vulnerability : multiple vulnerabilities Problem type : remote Debian-specific: no CVE ID : CVE-2011-2713 Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office. For the oldstable distribution (lenny), this problem has been fixed in version 1:2.4.1+dfsg-1+lenny12. For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze4. For the testing distribution (wheezy), and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your openoffice.org packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6MZloACgkQNxpp46476aquFACePG1/V0rwdm5fHcCD/1Z6JwdM 9HkAnicN4tRFTNJlamHHe7TnBnFZmQS0 =vJkV -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111005141450.ga25...@sd6-casa.iuculano.it
Re: Debian LTS?
On 05/10/2011 21:02, Brivaldo Junior wrote: Maybe for you... in one bigger setup here... we use Debian and plan updates every 2/3 years without problems. Yes, but having release supported for 5 years would not hurt you then and would help other people for whom whether distro has 5 years support or not is a go or no go. I have been forced to use switch from Debian to RedHat and clones in my last job specifically because usual life time of a server was 3.5 - 4 years. Massive +1 from me for this idea. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8cbad6.60...@timedout.org
Re: Debian LTS?
Yes. Are you considering Total Cost of Ownership, comparing to the option of LTS? Best regards. On 05/10/11 21:02, Brivaldo Junior wrote: Hi, IIRC, the current release schedule has stable releases 2 years apart, so total maintenance time is 2 years (stable) + 1 year (oldstable) = 3 years. And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. Maybe for you... in one bigger setup here... we use Debian and plan updates every 2/3 years without problems. Regards, Brivaldo Junior -- Alexandre Cotta Godinho Telem.: (+351) 910 873 189 IM»» AIM : acottag GTalk: acot...@gmail.com MSN : acot...@hotmail.com smime.p7s Description: S/MIME Cryptographic Signature
Re: [SECURITY] [DSA 2315-1] openoffice.org security update
On Wed, Oct 05, 2011 at 02:51:03PM -0500, Chris Swenson wrote: I assume this would include LibreOffice? Yes, actually the For the testing distribution (wheezy), and the unstable distribution (sid), this problem will be fixed soon. is wrong and should read For the testing distribution (wheezy), and the unstable distribution (sid), this problem is fixed in version 1:3.4.3-1 of libreoffice Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' r...@debian.org | GnuPG-Key ID: D03E3E70 `- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111005205856.gb6...@rene-engelhard.de
Re: Debian LTS?
On Wed, Oct 5, 2011 at 10:45 PM, acot...@gmail.com wrote: Yes. Are you considering Total Cost of Ownership, comparing to the option of LTS? Best regards. So Debian should have rolling releases, LTS with that name, and network manager by default, and as there are no bugs to work on, and Debian as upstream can't be improved, lets keep Debian developers backporting security patches _where and when possible_ during 5 years for the whole main archive for every arch, while others work in frondesks, pythonization, etc as main line. mmm archs... Or in adition with rollings, LTS, and default network managers, debian should get just x86 and amd64 then? What's next? telepathic man pages to be free as in blob? If I think in many programs I use to use (libc, SSL,iceweasel, nginx, etc, etc, etc) and its history in 5 years, and this thing about debian LTSs and I just discard the idea, maybe I'm wrong and Debian is plenty of resources and excellence to do that job with all posible upstream paranoids. On 05/10/11 21:02, Brivaldo Junior wrote: Hi, IIRC, the current release schedule has stable releases 2 years apart, so total maintenance time is 2 years (stable) + 1 year (oldstable) = 3 years. And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. Maybe for you... in one bigger setup here... we use Debian and plan updates every 2/3 years without problems. Regards, Brivaldo Junior -- Alexandre Cotta Godinho Telem.: (+351) 910 873 189 IM»» AIM : acottag GTalk: acot...@gmail.com MSN : acot...@hotmail.com -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cakdtd8tcspy8n6ykq-7z2xw1wrg7sctgl0asasmh79gblmd...@mail.gmail.com
Re: Debian LTS?
On Wed, 05 Oct 2011 21:07:07 +0200 wer...@aloah-from-hell.de wrote: And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. 3 years of direct support of stable and so 1-2 years of oldstable support mean a amount of 4-5 years, please define again what you mean for LTS... -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111006001545.df36faf054596a48d1624...@sythos.net
Re: Debian LTS?
On Wed, Oct 05, 2011 at 09:15:18PM +0100, Bart Swedrowski wrote: I have been forced to use switch from Debian to RedHat and clones in my last job specifically because usual life time of a server was 3.5 - 4 years. Same here. In my exerience, large sites typically use a 3-5 year lifetime for hardware, and the OS is never upgraded once a host goes into production. If you've got thousands of hosts, all of which are doing just fine in terms of software functionality and are in a static, generally unchanging production configuration, there's very little benefit to performing an OS upgrade. On the other hand, many of these large environments don't see a lot of value in Debian's major contributions. The Social Contract is not typically not a very important consideration when large enterprises choose a software platform. The OS environments are pretty strictly defined and generally don't change much, so they don't see a lot of value in Debian's package management tools. Canonical and Redhat both need to earn money, and it's worth a lot of money to big companies to have an LTS software platform. Debian doesn't need money, and (afaict) there's not a particularly large community of volunteers interested in the difficult task of maintaining an LTS platform. It's a generally thankless task that involves working on ancient versions of packages, often coming up with new fixes to old bugs so you can maintain existing interfaces, when the obvious fix would involve changing the behavior of a program or a library's API or some such. noah signature.asc Description: Digital signature
Re: Odp.: [SECURITY] [DSA 2315-1] openoffice.org security update
Dnia 2011-10-05, o godz. 15:35:39 Czarek Wysocki cwyso...@cwysocki.pl napisał(a): Y. http://netykieta.pl/ Zapoznaj się. Wysłano z BlackBerry® w Orange Łał. A mash fotke? BP,NMSP. -- Regards, Piotr Drozdek -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111005232417.1e04ed3e@debian
Re: Debian LTS?
On Thu, Oct 6, 2011 at 12:24 AM, Noah Meyerhans no...@debian.org wrote: On Wed, Oct 05, 2011 at 09:15:18PM +0100, Bart Swedrowski wrote: I have been forced to use switch from Debian to RedHat and clones in my last job specifically because usual life time of a server was 3.5 - 4 years. Same here. In my exerience, large sites typically use a 3-5 year lifetime for hardware, and the OS is never upgraded once a host goes into production. If you've got thousands of hosts, all of which are doing just fine in terms of software functionality and are in a static, generally unchanging production configuration, there's very little benefit to performing an OS upgrade. In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special linux kernel, works. You can migrate data between service versions or environments, have rollbacks, backups and etc. The monolitic one server, all services, never upgrade maybe just an architecture issue, totally outside of the Debian issues. If Debian needs to match company rules, to be in the edge like the others, lets start by do not purge firmwares. On the other hand, many of these large environments don't see a lot of value in Debian's major contributions. The Social Contract is not typically not a very important consideration when large enterprises choose a software platform. The OS environments are pretty strictly defined and generally don't change much, so they don't see a lot of value in Debian's package management tools. Canonical and Redhat both need to earn money, and it's worth a lot of money to big companies to have an LTS software platform. Debian doesn't need money, and (afaict) there's not a particularly large community of volunteers interested in the difficult task of maintaining an LTS platform. It's a generally thankless task that involves working on ancient versions of packages, often coming up with new fixes to old bugs so you can maintain existing interfaces, when the obvious fix would involve changing the behavior of a program or a library's API or some such. noah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFOjNkDYrVLjBFATsMRAlCKAJ9JiBadPRfnGM9s62Xts0DQGq1p5gCfX9Z4 e2tpdSHDJGGCdEZ/+qtvwO4= =q9rb -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKDTd8SnqYYY5rwwWrh9jmLkdU57=7WZBW0J863+omnHw9=z...@mail.gmail.com
Re: Debian LTS?
On Thu, Oct 6, 2011 at 12:33 AM, Poison Bit poison...@gmail.com wrote: In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special linux kernel, works. Or has management issues, but that's another history. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKDTd8RMkM=0791bmthck2zrdzwnw0ngwniheveh8mec0q-...@mail.gmail.com
Re: Debian LTS?
On Thu, Oct 06, 2011 at 12:33:39AM +0200, Poison Bit wrote: In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special linux kernel, works. I'm certain I can name several large companies that have been around for more than 5 years and whose services you rely on that do not perform os upgrades on hardware once it enters production. You can migrate data between service versions or environments, have rollbacks, backups and etc. Across a fleet of 15000 hosts? With no downtime? Without impacting the schedule of whatever software you actually run on these hosts? The monolitic one server, all services, never upgrade maybe just an architecture issue, totally outside of the Debian issues. That's not what I'm describing at all. Those places can and should upgrade. I'm talking 1 service to 1 host, multiplied by thousands. These are the companies that want LTS support. noah signature.asc Description: Digital signature
Re: Debian LTS?
On Wed, 05 Oct 2011 19:13:33 +0200 wer...@aloah-from-hell.de wrote: Hi all, a Debian LTS-Version would be so welcome and is definitly something that's missing for Debian. in 18 years Debian released 6 stable, an avarage of 3 years between a stable and the next one, i think is already longer than others call LTS a distro. 3 years between stables is already (imho, maybe) too much, is already an overload of work for maintainers to backport patches and other on software often classified old if not obsolete too. The major benefit of opensource software is the darwin effect, good software evolve quickly, bad software die, force a maintainer to work on a software for 2 years more than usual may mean force a unusefull work, *imho* 3 years are already too much for a lot of enviroments (like development) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111006001345.e95cc727f5dafe6b07621...@sythos.net
Re: Debian LTS?
On Thu, Oct 6, 2011 at 12:40 AM, Noah Meyerhans no...@debian.org wrote: On Thu, Oct 06, 2011 at 12:33:39AM +0200, Poison Bit wrote: In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special linux kernel, works. I'm certain I can name several large companies that have been around for more than 5 years and whose services you rely on that do not perform os upgrades on hardware once it enters production. Unlisted N reason: or does not care about network security You can migrate data between service versions or environments, have rollbacks, backups and etc. Across a fleet of 15000 hosts? With no downtime? Without impacting the schedule of whatever software you actually run on these hosts? Don't they got daily updates? are they network exposed? Don't they jump LTS neither never? The monolitic one server, all services, never upgrade maybe just an architecture issue, totally outside of the Debian issues. That's not what I'm describing at all. Those places can and should upgrade. I'm talking 1 service to 1 host, multiplied by thousands. These are the companies that want LTS support. That companies of that size, may want to help Debian to help them, keeping packages many years supported without being like a debian oldstable php. Maybe that companies may have ALL Debian developers happy and got the LTS as a result, good luck. noah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFOjNzSYrVLjBFATsMRAn3YAJ4/UFmXXcDpOjS0tswUO10Qr8GzDwCeOqF/ B2sMvKQI1+bEr4lZF9O1viw= =obBh -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cakdtd8q4t6mqbwopa4t_z_f9p-r5d6jr2txxuqphmat1d5g...@mail.gmail.com
Re: Debian LTS?
On Thu, Oct 06, 2011 at 12:15:45AM +0200, Sythos wrote: And that's 2 years less for LTS ... especially in bigger Setup's LTS-Support is mandatory so there (because there is no Debian LTS's) Debian cannot be used due to the lack of Support. Instead - Redhat or Ubuntu or any other distribution with LTS-Support is used there. 3 years of direct support of stable and so 1-2 years of oldstable support mean a amount of 4-5 years, please define again what you mean for LTS... Debian's goal is to have an 18 month release cycle. stable becomes oldstable when the next version is released, and oldstable is supported for 1 year. That's 28 months. Where do you get the idea of 3 years of direct support as stable? Those days are (hopefully) long gone. noah signature.asc Description: Digital signature
Re: Debian LTS?
On Wed, Oct 05, 2011 at 03:20:08PM -0700, Noah Meyerhans wrote: Debian's goal is to have an 18 month release cycle. stable becomes oldstable when the next version is released, and oldstable is supported for 1 year. That's 28 months. Where do you get the idea of 3 years of direct support as stable? Those days are (hopefully) long gone. Err, that's 30 months, sorry. But the point stands. :) noah signature.asc Description: Digital signature
Re: Debian LTS?
On 10/05/2011 05:39 PM, Poison Bit wrote: On Thu, Oct 6, 2011 at 12:33 AM, Poison Bit poison...@gmail.com wrote: In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special linux kernel, works. Or has management issues, but that's another history. Re: Sony. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8cee88.4030...@envygeeks.com
Re: Debian LTS?
On Thu, Oct 06, 2011 at 12:47:09AM +0200, Poison Bit wrote: You can migrate data between service versions or environments, have rollbacks, backups and etc. Across a fleet of 15000 hosts? With no downtime? Without impacting the schedule of whatever software you actually run on these hosts? Don't they got daily updates? are they network exposed? Don't they jump LTS neither never? Not in my experience. For example, at a recent large server environment that I worked in, there were several thousand RHEL 4 boxes. These hosts were nearing end-of-life. When they were replaced, the new hosts were planned to run RHEL 5 or maybe RHEL 6. There was never any plan to perform an OS upgrade on the existing hardware. RHEL's support cycle was long enough that the systems never had to be unsupported. That's not what I'm describing at all. Those places can and should upgrade. I'm talking 1 service to 1 host, multiplied by thousands. These are the companies that want LTS support. That companies of that size, may want to help Debian to help them, keeping packages many years supported without being like a debian oldstable php. Maybe that companies may have ALL Debian developers happy and got the LTS as a result, good luck. I agree. Long-term support is not sexy, and it's not something that most FLOSS developers (or developers in general, in my experience) have any interest in working on. The best way that most companies know to motivate them is to pay them. This is why RHEL, Canonical, and other companies charge so much for support contracts. I'm not sure how anybody could motivate a large enough group Debian developers to work on an LTS release. noah signature.asc Description: Digital signature
Re: Debian LTS?
On 06/10/11 00:13, Sythos wrote: On Wed, 05 Oct 2011 19:13:33 +0200 wer...@aloah-from-hell.de wrote: Hi all, a Debian LTS-Version would be so welcome and is definitly something that's missing for Debian. in 18 years Debian released 6 stable, an avarage of 3 years between a stable and the next one, i think is already longer than others call LTS a distro. 3 years between stables is already (imho, maybe) too much, is already an overload of work for maintainers to backport patches and other on software often classified old if not obsolete too. The major benefit of opensource software is the darwin effect, good software evolve quickly, bad software die, force a maintainer to work on a software for 2 years more than usual may mean force a unusefull work, *imho* 3 years are already too much for a lot of enviroments (like development) Moreover, if you wait to long you may have an important software, with an outdated not upstream supported major version, where backports are not possible because upstream architecture changed completely. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e8d2ed8.9090...@rail.eu.org
Re: Odp.: [SECURITY] [DSA 2315-1] openoffice.org security update
W dniu 6 października 2011 00:24 użytkownik Piotr Drozdek pior...@o2.plnapisał: Dnia 2011-10-05, o godz. 15:35:39 Czarek Wysocki cwyso...@cwysocki.pl napisał(a): Y. http://netykieta.pl/ Zapoznaj się. Zapoznałem. Kiedy test sprawdzający? ; Wysłano z BlackBerry(R) w Orange Łał. A mash fotke? W dzisiejszych czasach chyba trudno nie mieć :P BP,NMSP. Przepraszam, wstyd mi jak cholera, moja kieszeń musiała odpowiedzieć na maila... Pozdrawiam, -- Czarek Wysocki