On Tue, Sep 19, 2017 at 11:47 PM, Bill Maidment <b...@maidment.me> wrote: > So much for security issue support for 10 years. Probably best to assume > only 7 years in real life. On Wed, Sep 20, 2017 at 07:24:25AM -0700, Akemi Yagi wrote: > Here's the description about "Production 3 phase": > "During the Production 3 Phase, Critical impact Security Advisories > (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be > released as they become available. Other errata advisories may be delivered > as appropriate." > So, yes, not all security updates are available once RHEL (therefore > Scientific Linux) goes into that phase.
In a larger sense: how much work is it to semi-automate the process of backporting all these security fixes from SL6 and SL7 to earlier distros? This isn't in RedHat's best interest. They want to keep selling software, and benefit from churn. Their biggest customers benefit from thirty second shorter boot times across 100,000 machines (cough systemd cough). Most of us are not big customers, and only upgrade to fix security flaws. New "features" like Gnome 3 tablet- oriented gestures are interruptions to workflow and the reason I make donations to the MATE project rather than purchase products from RedHat. New "features" are new vulnerabilities, especially if the criminals have more time to analyze new features than we do. While SL7 follows what RedHat does (and rightly so), perhaps there are enough of us here (and using CentOS for similar reasons) to fork a "superstable" distro and pay a few people to support the fork. For example, I spend more hours than I would like struggling to learn about systemd (after more than three decades of SysV). I worry about having to learn about systemd's replacement in SL8 or SL9. For me, computing is a utility. I crunch numbers, not "tweet" (or "twang" or whatever will be stylish in 2027), and prefer to change how I do it as often as I change electrical wall sockets and plugs. I prefer to leave a numerical code legacy that is useful (or at least testable) three decades from now, which does not die when Stephen Wolfram does. Sigh. Many 20th and early 21st century "accomplishments" are best forgotten. Perhaps Linux, and our work based on it, will be forgotten as well. Keith -- Keith Lofstrom kei...@keithl.com