Debian does not have long term support

January 16, 2014

Every so often someone says that Debian's stable releases have a long support period. Unfortunately this is what one would call 'wrong', and for at least two reasons.

(For now, let us define 'support' here as 'gets security fixes'.)

First, it is wrong as a plain matter of fact. No Debian release has ever been supported for more than a sliver over four years, and only one release has hit that mark (Debian 3.0 'woody', released mid 2002 and supported through mid 2006, per here). Every release since 2005 has been supported for only about three years. Ubuntu LTS manages five years; Red Hat Enterprise Linux goes even longer.

Second, it is wrong as a philosophical matter because Debian doesn't promise any particular support period. Debian doesn't promise to support a release for X years, just more or less to support it for a year after the next release comes out. If the next release comes out in roughly two years (as has been the case since 2005), you get three years. If the next release comes out in a year, you get two years. And so on. The only way you get long support periods is if Debian is painfully slow to make releases.

This has two consequences. First, Debian support periods are unpredictable. If you install a machine with Debian, you have no sure idea how long you'll have support for (although you can often make an informed guess). Second, the real support period for a machine can be as low as a year, if you have to install a machine shortly before the next release comes out.

(In theory the minimum period is even lower, but this would likely require Debian to do two releases in a year. This seems, well, unlikely.)

Real long term support involves three things. First, you must commit up front to a definite support period (as Ubuntu and Red Hat do). Second, you must actually have a long support period (which is always shorter than it looks in practice); three years doesn't really cut it even if Debian committed to that for releases (which they are not going to do so). Third, you need a significant support overlap between the current release and the previous release because of the real support period issue.

Debian does none of these, which is fair enough; Debian doesn't claim it has long term support. I just wish people would stop claiming that it did on its behalf.


Comments on this page:

By jp@galea.se at 2014-01-17 12:25:04:

This is the only issue holding me back when trying to sell Debian to my colleagues. At work we are running Ubuntu LTS (a mix of 12.04 and 10.04).

I am generally more comfortable with Debian and from experience it feels a little bit more serious over Ubuntu.

In particular, I don't like that Ubuntu LTS runs on Debian's testing branch. Such boxes naturally tend to have more packages to upgrade (compared to Debian stable), increasing our workload.

Also, I might be mistaken on this, but I believe that Ubuntu's long term support is only applicable to "main" and not to universe or contrib. So it's easy to get caught in the trap of running unpatched packages.

Great blog BTW.

By jp@galea.se at 2014-01-18 13:24:41:

To add to the comment I wrote yesterday;

https://wiki.ubuntu.com/LTS

Nowhere on that page does it explain what LTS entails exactly. Does it include security patches for "main" only? Or does it include "contrib" and "universe" too?

On the other hand, this is clearly explained by Debian.

http://www.debian.org/security/faq#contrib

This is one such detail why I rather run Debian over Ubuntu.

Written on 16 January 2014.
« SELinux fails again (Fedora 20 edition)
Link: Armin Ronacher's 'More About Unicode in Python 2 and 3' »

Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Jan 16 18:26:22 2014
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.