[owncloud-devel] ownCloud 6 security support, and 7 timeframe

David Prévot david at tilapin.org
Thu Apr 3 01:40:38 GMT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi ownCloud developers,

Le 26/03/2014 13:28, Klaas Freitag a écrit :
> On 26.03.2014 17:25, Thomas Müller wrote:

>> I honestly question if ownCloud should be release under the scope of Debian main.
>> We are a volatile project and we will ship releases faster than Debian.
> 
> This is of course not a "debian only" problem, other distros have the
> same issue. I am also lacking the great idea how to solve that.

Most projects ship releases “faster than Debian” (luckily), that
shouldn’t prevent anyone to provide long time service for a (selected)
branch of one project. For example the Linux project releases often, a
lot, and most major versions have a way shorter lifetime than ownCloud.
That doesn’t prevent Linux to offer a few longterm versions (and
ownCloud doesn’t even have to bother with support of new hardware ;).

We wouldn’t expect ownCloud to provide backports of new features or bug
fixes, we would “just” welcome (help with) backports of security fixes.
Since ownCloud usually discloses and documents properly [1,2] the
security issues and fixes, I’d be happy to (get some help in order to)
integrate the needed fixes into the stable branch that would be shipped
with Debian Jessie (possibly version 7). Don’t you believe it would be
possible (we’d be aiming at supporting the security of the stable7
branch about two years after its targeted lifetime)?

e.g.,	1: http://owncloud.org/about/security/advisories/oC-SA-2013-028/
	2: http://owncloud.org/about/security/advisories/oC-SA-2013-019/

Regards

David


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJTPLwVAAoJEAWMHPlE9r08fsEH/iTU0Ah6bU3s1AI5x8h7AU9P
l680KNoIsCJ3gUI53JHJpZ+msS9jZBqQVhRnHcRqyiMQvzH3OrE9LLzDR9X43nsd
eFe1QYD7UpKqAboddCqJGmOyjtxF+QPqzTLW3POCEpj7SCTKv8n1j3ICtLHvgrK/
o/H9Xc4kUM+WX/3zZMOogfM5dL4zh2y5rLBcghAHJktdQ/QKo0625XYTlb6eC5Ke
CpRtQB+uMcLaAIrc5y2tSD6r250mkR/yHfXxT5CLQbcLZQcM8Bv9p90ggWBfjOkw
o7vgYzsal/FC8Y5t9BFNmuMgTfWNhAVuYP1HZdd3vxQuJ1Nh7uKb55SPZn5Hed4=
=2ki/
-----END PGP SIGNATURE-----


More information about the Devel mailing list