Is openSUSE changing its 2yr maintenance from 11.2 onwards?

> openSUSE 11.2 (currently in development, to be released Nov 12th 2009)
> for the next two openSUSE releases plus two months overlap period.

What does this mean in actual length of support?

> security-announce] Advance notice of discontinuation of openSUSE 10.3
>
>
> Dear opensuse-security-announce subscribers and openSUSE users,
>
> SUSE Security announces that openSUSE 10.3 will be discontinued soon.
> Having provided security-relevant fixes for two years, we will stop
> releasing updates after October 31st 2009.
>
> As a consequence, the openSUSE 10.3 distribution directory on our
> server download.opensuse.org will be removed from /distribution/10.3/
> to free space on our mirror sites. The 10.3 directory in the update tree
> /update/10.3 will follow, as soon as all updates have been published.
>
> The discontinuation of openSUSE 10.3 enables us to focus on the openSUSE
> distributions of a newer release dates to ensure that our users can
> continuously take advantage of the quality that they are used to with
> openSUSE products.
>
> This announcement holds true for openSUSE 10.3 only. As usual, Novell/SUSE
> will continue to provide update packages for the following products:
>
> openSUSE 11.0 (supported until June 30th 2010)
> openSUSE 11.1 (supported until December 31st 2010)
> openSUSE 11.2 (currently in development, to be released November 12th 2009)
> for the next two openSUSE releases plus two months overlap period.
>
> Please note that the maintenance cycles of SUSE Linux Enterprise products
> and products based on the SUSE Linux Enterprise Server operating system
> are not affected by this announcement and have longer life cycles.
>
> To learn more about SUSE Linux business products, please visit
> http://www.novell.com/linux/suse/ . For a detailed list of the life cycles
> of our Enterprise Products please visit http://support.novell.com/lifecycle/
> and http://support.novell.com/lifecycle/lcSearchResults.jsp?sl=suse
>
> If you have any questions regarding this announcement, please do not
> hesitate to contact SUSE Security at <security@suse.de>.

What it says. If the length of time between releases is 10 months on the average, then you get 10*2+2 = 22 months of support on average. Of course release dates will vary somewhat for one reason or another: more work to be done, to avoid bad release periods, etc.

ken yap wrote:
> What it says. If the length of time between releases is 10 months on the
> average, then you get 10*2+2 = 22 months of support on average. Of
> course release dates will vary somewhat for one reason or another: more
> work to be done, to avoid bad release periods, etc.

Thanks for clarification (I was assuming along same lines). But if we have 8*2+2 = 18 mths, it will be same as Ubuntu (for their non-LTS releases) and Mandriva support currently on offer.

Cheers

Don’t worry, we’ll get that openSLES in the works… rotfl!

Two releases plus a bit is pretty much standard for distros, e.g. Fedora also. If you want longer term, either go for an enterprise distro, do your own support, or be prepared to upgrade in time.

This means 8 × 3 + 2 - as comparison with the example dates given later shows.

Well I am not sure if it’s 8 mos or 10 mos but why * 3? There are only two intervals between n and n+2.

I was not too keen on the shorter support maintenance support dates, as the biggest impact on me is the support I provide my (83 year old) mother for her openSUSE install. She lives in a different continent, and I provide her remote support via the Internet (via ssh, vnc, nx). I can not easily (without major risk) remotely update her openSUSE to a new openSUSE release. Being one continent away, I do not take risks with her PC. A mistake on my part could be catastrophic for her.

I also try to visit her once/year. Each time I visit, I try to update her openSUSE release. I am trying to avoid having too long a stretch where her openSUSE is not supported with security updates. Hence if I end up missing a year, it means 24 months between her openSUSE being updated to a new version, which could mean her PC will go for many months without a security update.

Fortunately Linux is not a big target for hackers, and in particular the rather ancient PC of an 83 year old grandmother is not a big target in the overall scheme of things. :)

She is currently an openSUSE-11.1 KDE-3.5.x user, I was thinking I would have to leave her on openSUSE-11.1 until openSUSE-11.1 support stopped, as I did not want to risk putting KDE-4.x on her PC until I knew KDE4 to be stable.

That KDE4 stability is no longer a consideration for me. I installed the KDE-4.3 openSUSE community live CD on my sandbox PC, and I played with the functions that my mother uses, and KDE4.3 is stable for that. I’m also able to arrange the desktop icons (and background) on KDE-4.3 such that it looks almost the same as her KDE-3.5.10. Hence next chance I get to update her openSUSE PC (to either 11.2 or 11.3) I will do so, even if it means KDE4.

For me the bottom line is while I would prefer a longer support cycle, 2 releases plus a couple of months will work, as long as openSUSE is not the subject of major hacker attention. If hackers start targeting Linux, then IMHO all distributions (and not just openSUSE) will need to review their maintenance duration philosophy.

I don’t believe the answer to security threats is longer support lifetime. It’s a lot of effort retrofitting fixes. Effort that could be put towards other work. And it’s not practical for all software anyway. E.g. RHEL wanted to keep Firefox at 1.5 but Mozilla said no, we have to get people off 1.5 onto 2 and then later onto 3. Fortunately a browser is not crucial to a server distro.

I’m inclined to think the answer lies in more foolproof online upgrade procedures. It’s not easy, but we have to move in that direction.

BTW, no particular user on broadband gets “targeted”. Those malware just probe machines at random, or hope that you will wander onto a poisoned website with your vulnerable browser, or PDF viewer.

Indeed! And I believe her PC is definitely OK, with a router firewall and her openSUSE firewall, with appropriate ports closed (or redirected/config file precautions in place), to protect against the bots/malware.

But I also know enough about PCs to know that a dedicated hacker can target an individual, and try to penetrate their specific PC, with a higher probability of success than that of a bot. I know specifically of one case where this happened. Of course the individual whose PC was penetrated was a known developer where there was a lot to be gained by hacking their PC. 83-year-old grandmothers don’t fall into that “attractive developer” category. …

I guess I had to be more specific in my previous post.

Your point about security releases vs re-assigning resources for updates is noted. Still, I think if Linux ever does become a major target for hackers (and I honestly do not see that coming any time soon, as long as MS-Windows continues with its major success in monopolizing the PC market) then if Linux becomes a target, the policy for security fixes for older Linux releases will need to be reconsidered. Of course all IMHO.

Yes, well if the spooks are out to get you, they will. But for the rest of us, there’s more risk in crossing the road.

‘For the next two’ surely means 11.3 and 12.0 (or whatever they are called); so 8 months for 11.2, 8 months for 11.3 and 8 months for 12.0 gives 8 × 3.

This interpretation is consistent with the dates given for 10.3, 11.0 and 11.1.

Ok, fair enough. I suppose one could read that sentence as meaning n will be supported until n+3 comes out + 2 months. Too bad they couldn’t use a more concise notation.