Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Re: SuSE Security Announcement: xf86(SuSE-SA:2002:032)
  • From: Rouvas Stathis <rouvas@xxxxxxxxx>
  • Date: Thu, 19 Sep 2002 14:52:34 +0300
  • Message-id: <3D89BA82.64880F55@xxxxxxxxx>
Ken Schneider wrote:
>
> SuSE should NOT have to support all versions back to the time they
> started a distribution i.e. earlier than 7.0. People have had enough
> time to upgrade to something more resent to be better able to have
> recent security fixes.

WOW! "Back to the time they started a distribution"?
"Earlier than 7.0"? You do know that there existed vesrions like 6.4,
6.3 or even 5.xx?
That must be, eeeh, at pre-hestoric times maybe? BTW, these performed as
solid as a rock all these years and continue to do so day after day, at
least in the systems I work with. And yes, I haven't upgraded because
there is *no* need to. Security is only part of the equation, you know.

But the real point is the two-year product support lifecycle SuSE has
decided to adopt. I'm really frustrated at this. Even Microsoft has a
4-year support lifecycle. Don't tell me there are SLEs. There weren't
any around when we started deploying SuSE machines. Forget about desktop
machines for a while. Once you have a server machine all setup and you
start using it then it's damn difficult to do anything that might bring
it down or alter its behaviour. In fact, my personal experience is that
unless an update is named as "security-critical", nothing much has a
chance.
So in effect, no you don't update systems, you just make sure that what
you have works within requirements. And you wait for the next update
cycle in your company/organization/Public Administration which may be
something like 5 years or longer. IIRC, when Microsoft announced that it
will start using a 4-year product support cycle, there was a big fuzz
about it and many complaint that 4 years was too short for businesses.
Now SuSE has an even shorter cycle, but no-one seems to care. At least I
haven't seen anything in this or the "suse-e" mailing list.

Yes, I do know this is way OT, but I couldn't stay silent at this one.
I'll stop here before it gets even longer than it already is.

[rest-of-mail-deleted]

-Stathis

--
Rouvas Stathis
rouvas@xxxxxxxxx
http://www.di.uoa.gr/~rouvas

< Previous Next >
Follow Ups