-
Not Synced
[announcer] Welcome, our next talk will
be about the Debian Long Term support
-
Not Synced
team and the speaker is
Raphaël Hertzog.
-
Not Synced
[Raphaël Hertzog] Hello.
-
Not Synced
Today I will speak a bit about Debian
long term support.
-
Not Synced
I guess most of you already know about
it.
-
Not Synced
Are there some people who have no
idea what this is about?
-
Not Synced
No, good.
-
Not Synced
I will make my talk in 3 parts.
-
Not Synced
First I will present the team, how it
works
-
Not Synced
I will give some facts about how it
evolved over the first years.
-
Not Synced
I took some time to collect statistics
and believe they are rather interesting
-
Not Synced
I will also speak about the future
-
Not Synced
but there will be a separate discussion
about this in a BoF later this week.
-
Not Synced
I will show you how to help because, like
any other team in Debian it is open
-
Not Synced
to anyone. We welcome help.
-
Not Synced
At the end I will answer your questions.
-
Not Synced
What is LTS about?
-
Not Synced
The idea is really simple.
-
Not Synced
We wanted to extend the support period
of all Debian releases.
-
Not Synced
Currently it is basically for 1 year after
the next stable release comes out.
-
Not Synced
We wanted to extend this to 5 years to
match, at least, Ubuntu's offering.
-
Not Synced
which is not our competitor, but for the
companies that are making choices
-
Not Synced
it is one of the important criteria.
So we wanted to do as well.
-
Not Synced
Since we publish new stable releases
every 2 years it is roughly 3 years.
-
Not Synced
A nice side benefit is that the user can
skip a full release.
-
Not Synced
We don't officially support dist-upgrade
over going from Debian 6 to 8
-
Not Synced
but you can do 2 dist-upgrades at
the same time, limiting the downtime
-
Not Synced
to once every 5 years.
-
Not Synced
By the way, in practice, in simple server
configurations, dist-upgrades tend to
-
Not Synced
work rather well even across 2 releases.
-
Not Synced
Keeping a distribution secure for 5 years
is a real challenge.
-
Not Synced
It is hard work that not everybody is
willing to do.
-
Not Synced
In Debian all the work is done by
volunteers who do the work they enjoy.
-
Not Synced
Generally we enjoy working on new
features on top of latest releases
-
Not Synced
and not really on backporting patches to
crud that was written 5 years ago.
-
Not Synced
The security team has limited resources
so we could not just ask the security
-
Not Synced
team to now do twice the work.
-
Not Synced
But they were still really interested in
the project and wanted to support the idea
-
Not Synced
and really helped to get it bootstrapped.
-
Not Synced
The security team has a slightly larger
scope.
-
Not Synced
They support all architectures, which
means you have lots of problems of
-
Not Synced
coordination when security updates do
not compile and stuff like that.
-
Not Synced
What did we do?
-
Not Synced
We restricted the scope by picking
the 2 most popular architectures
-
Not Synced
that most users care about.
-
Not Synced
We have had some demand for ARM
architectures but up to now we only
-
Not Synced
support amd64 and i386.
-
Not Synced
We also excluded some packages from
security support.
-
Not Synced
Either because they are taking too much
time, like a security issue every 2 weeks
-
Not Synced
or that upstream is not cooperative
enough to be able to support it.
-
Not Synced
This list was basically made by the
current security team based on their
-
Not Synced
experience of doing security support.
-
Not Synced
If you look at the list there are some
important restrictions.
-
Not Synced
There's no xen, no kvm, no rails,
no browser. It sucks a bit.
-
Not Synced
But it's a way to get it started.
-
Not Synced
I think we can do better for wheezy.
-
Not Synced
Basically there is no virtualization
support on the host, only on the guest.
-
Not Synced
The security team helped to bootstrap
the LTS team but it is not the same team.
-
Not Synced
Obviously there are members of the
security team who also work on the LTS
-
Not Synced
team. They work in close collaboration.
-
Not Synced
We have regular contact and they watch our
mailing lists etc.
-
Not Synced
But the policies are different and the
infrastructure is separate,
-
Not Synced
which is a problem but I will talk about
that later.
-
Not Synced
We have a dedicated mailing list
-
Not Synced
and a dedicated IRC channel as well.
-
Not Synced
You are welcome to subscribe and to
join.
-
Not Synced
It's a new team which means new people
and new members.
-
Not Synced
Where do they come from?
-
Not Synced
The first idea was to get help from
people in various companies
-
Not Synced
who are already doing such in-house
support.
-
Not Synced
We had contact with EDF, and still have,
but they were one of the first
-
Not Synced
companies who were pushing for this
because they basically said
-
Not Synced
we are doing this already and we can
share with other companies.
-
Not Synced
The idea was to pool security support of
multiple companies.
-
Not Synced
We sent a press release asking
companies to join.
-
Not Synced
We had a few responses.
-
Not Synced
But I'll come back later to how it evolved
It's not really satisfying.
-
Not Synced
The other thing that we did is that we
offered companies the option to
-
Not Synced
fund the project to bring money and use
this to pay the work of
-
Not Synced
actual Debian contributors to do the
security updates that we need.
-
Not Synced
We have wiki pages listing all the ways
that companies can help with money.
-
Not Synced
In practice, most of the (wanting to be)
paid contributors joined together
-
Not Synced
under a single offer managed by
Freexian SARL which is my own company.
-
Not Synced
I'll quickly explain how this works.
-
Not Synced
Most companies don't want to bother
bringing human resources ??? (08:25)