LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices



Reply
 
Search this Thread
Old 01-21-2010, 06:07 AM   #1
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,239

Rep: Reputation: 178Reputation: 178
Security Support for Debian GNU/Linux 4.0 to be terminated


-------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Security Support for Debian 4.0 to be terminated press@debian.org
January 21st, 2010 http://www.debian.org/News/2010/20100121
-------------------------------------------------------------------------

Security Support for Debian GNU/Linux 4.0 to be terminated on February 15th


One year after the release of Debian GNU/Linux 5.0 alias "lenny" and
nearly three years after the release of Debian GNU/Linux 4.0 alias "etch"
the security support for the old distribution (4.0 alias "etch") is
coming to an end next month. The Debian project is proud to be able to
support its old distribution for such a long time and even for one year
after a new version has been released.

The Debian project released Debian GNU/Linux 5.0 alias "lenny" on the
15th of February 2009. Users and Distributors have been given a one-year
timeframe to upgrade their old installations to the current stable
release. Hence, the security support for the old release of 4.0 is going
to end in February 2010 as previously announced.

Previously announced security updates for the old release will continue
to be available on security.debian.org.


Security Updates
----------------

The Debian Security Team provides security updates for the current
distribution via <http://security.debian.org/>. Security updates for the
old distribution are also provided for one year after the new
distribution has been released or until the current distribution is
superseded, whatever happens first.


Upgrading to Debian 5.0 alias "lenny"
-------------------------------------

Upgrades to Debian GNU/Linux 5.0 from the previous release, Debian
GNU/Linux 4.0 alias "etch" are automatically handled by the aptitude
package management tool for most configurations, and to a certain degree
also by the apt-get package management tool. As always, Debian GNU/Linux
systems can be upgraded painlessly, in place, without any forced
downtime, but it is strongly recommended to read the release notes[1] for
possible issues, and for detailed instructions on installing and
upgrading.

1: http://www.debian.org/releases/lenny/releasenotes
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 01-21-2010, 09:37 AM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Doesn't seem like supporting 4.0 for only a year after the 5.0 release is much of an accomplishment, sounds like the exact opposite to me, so I'm not sure why they appear to be boasting about it.
 
Old 01-21-2010, 09:59 AM   #3
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
I agree. One year of support for old version would suck if you were using this for your business.

Heck even Fedora which is bleeding edge rolls out new copies every 6 months but maintains the previous one for around a year.

Most commercial UNIX variants support the current and previous major release. RedHat Linux is still supporting RHEL 4 even though RHEL 5 was released in 2007.
 
Old 01-21-2010, 10:21 AM   #4
the trooper
Senior Member
 
Registered: Jun 2006
Location: England
Distribution: Debian Testing/Unstable Amd64
Posts: 1,476

Rep: Reputation: Disabled
Just remember how many different architectures Debian supports.
It's not just a case of supporting i386 and Amd64 for a year after the current release.

http://www.uk.debian.org/distrib/netinst

Maintaining all the above is a huge undertaking especially for a non-commercial organization like Debian.
 
Old 01-21-2010, 10:23 AM   #5
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050
Etch was released April 2007, so that's almost 3 years of support (roughly comparable to the LTS releases of Ubuntu). The Debian release and support schedule is well-publicized; there is no reason to be surprised or alarmed by this announcement.
 
2 members found this post helpful.
Old 01-21-2010, 10:42 AM   #6
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,239

Original Poster
Rep: Reputation: 178Reputation: 178
Quote:
Originally Posted by jlightner View Post
I agree. One year of support for old version would suck if you were using this for your business.
Only if your distrubtion is using a package manager (+packages and repositories) that can't handle upgrades, like "Most commercial UNIX variants" do

Last edited by jens; 01-21-2010 at 10:45 AM.
 
Old 01-21-2010, 11:15 AM   #7
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Quote:
Originally Posted by the trooper View Post
Just remember how many different architectures Debian supports.
It's not just a case of supporting i386 and Amd64 for a year after the current release.
Well the arch point is valid during the active phase of development, but is there really any reason that long term security support couldn't be maintained for the key architectures?

Realistically, 80% - 90% of the Debian users are going to be using the 2 or 3 primary architectures. I wouldn't expect anyone to complain about not supporting PPC past 4 years, but i386 is a very different story.
 
Old 01-21-2010, 11:42 AM   #8
the trooper
Senior Member
 
Registered: Jun 2006
Location: England
Distribution: Debian Testing/Unstable Amd64
Posts: 1,476

Rep: Reputation: Disabled
Quote:
Well the arch point is valid during the active phase of development, but is there really any reason that long term security support couldn't be maintained for the key architectures?
Time and resources.
Not only do the the developers have to maintain the Stable distribution,there's still Testing and Unstable that need constant development on all architectures.The line has to be drawn somewhere.Debian have decided that the line is one years support on the Oldstable distribution.

So realistically you are looking at approximately a three year lifespan for a release.
Not bad for volunteers i feel .

Last edited by the trooper; 01-21-2010 at 12:45 PM.
 
Old 01-21-2010, 02:15 PM   #9
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
Quote:
Originally Posted by jens View Post
Only if your distrubtion is using a package manager (+packages and repositories) that can't handle upgrades, like "Most commercial UNIX variants" do
It has little to do with how you update packages and much to do with the 3rd party and in house applications you use on the system that prevent most upgrades. I had a RHEL 3 system for 4 years that I couldn't just thrown RHEL 4 onto not because of the differences in RHEL itself but because the database and apps would have needed to be upgraded by other teams in tandem with such an OS upgrade. This isn't unique to where I am but is true in most organizations. Its a question of allocating man power to projects. Upgrading for the sake of upgrading is seldom deemed an important driver by the powers that be.
 
Old 01-21-2010, 07:15 PM   #10
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,734
Blog Entries: 12

Rep: Reputation: 457Reputation: 457Reputation: 457Reputation: 457Reputation: 457
Etch was supported for 3 yrs, more than enough time to rewrite any software that depends on newer versions.
 
Old 01-22-2010, 07:30 AM   #11
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,239

Original Poster
Rep: Reputation: 178Reputation: 178
Quote:
Originally Posted by craigevil View Post
Etch was supported for 3 yrs, more than enough time to rewrite any software that depends on newer versions.
Sadly, I can't agree with that.
Most of the software jlightner was referring to is very expensive and you don't always want to upgrade that unless strictly needed.

RHEL does have an advantage here.

On the long run, I do prefer debian though.
Yum isn't yummy and their "big version" updates just don't work (RHEL support is excellent, but eventually your software will become to old as well).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Support for Debian GNU/Linux 3.1 Ends DragonSlayer48DX Debian 0 03-26-2008 05:54 PM
Security Support for Debian 3.1 to be terminated robertwolfe Debian 1 03-02-2008 10:55 AM
GNU/Linux GUI Security Suite gashgordon Linux - Security 24 09-23-2007 02:46 AM


All times are GMT -5. The time now is 12:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration