When Official Debian Support Ends, Who Will Save You?
With a new version of Debian recently released, it's an exciting time for users who long for newer applications and cutting-edge features. But for some users, the new release is a cause for concern. A new release means their current installation is reaching the end of its lifecycle, and for one reason or another, they can't make the switch. And, this leaves them at risk from a variety of security risks and crippling bugs, but there is hope in the shape of an independent project.
The Debian Long Term Support (LTS) project has been providing support for Debian version 6 (Squeeze) and will continue to do so until early next year. LTS announced that it will be supporting later editions too.
The project provides security patches and bug fixes for the core components of the Debian system, in addition to the most popular packages. The team would like to expand the range of packages covered, but it will require additional support to make that happen.
The project came into existence to extend the support period offered by the official Debian project. A new stable version of Debian is released every two years, and each version is supported for three years.
This is no hardship for users who enjoy cutting-edge applications and features. But for individuals and organizations who depend on a stable system, updating to a new version can be very disruptive. Without continued support, they have little option but to change, as they would not have access to security patches and essential bug fixes.
For instance, complex Web applications running on Debian servers rely on a number of packages, such as PHP, MySQL and Apache. Newer versions of these packages add additional features but may not be backwardly-compatible. As a result, updating to a new version of Debian can break these applications.
Web applications are complex beasts, and updating them can take a huge amount of work, especially when the programming language is updated. This updating process can take months, preventing the development team from working on new features, and even can add new bugs. This often can lead to angry customers and lost business.
I have seen small teams continue to run Web apps on unsupported versions of Debian rather than update large legacy applications. This is extremely risky, as it leaves servers open to a range of attacks that would have been patched.
It's not just Web developers who suffer when their version of a distro is no longer supported. Updating a desktop installation is disruptive and can lead to data loss. This is a disaster for users who don't back up their data properly, and it can be a real pain for those who do. These problems scale up for offices and organizations who need to upgrade.
The LTS project extends the official support for Debian versions by an additional two years, giving users and companies a little breathing space before making the change. But the LTS project needs more support in order to cover the needs of all users. For instance, it currently is unable to support graphical Web browsers.
A Web browser is a primary attack vector for "drive by" infections, which is why it must be regularly updated with security patches. This lack of coverage is risky for home users and a potential nightmare in the workplace.
The project requires financial support and volunteer developers. This will help it support additional packages to cover the needs of more users. If you stand to benefit from long-term support, you can help secure the security of your operating system by contributing to the project.