Etch security support discontinued by Debian on Feb. 15th…

The Debian security team announced that Debian 4.0 “Etch” security support  will be ended on February 15th, 2010 :

Security Support for Debian GNU/Linux 4.0 to be discontinued on
February 15th

One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and
nearly three years after the release of Debian GNU/Linux 4.0 alias
'etch' the security support for the old distribution (4.0 alias
'etch') is coming to an end next month.  The Debian project is proud
to be able to support its old distribution for such a long time and
even for one year after a new version has been released.

The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on
the 14th of February 2009.  Users and Distributors have been given a
one-year timeframe to upgrade their old installations to the current
stable release.  Hence, the security support for the old release of
4.0 is going to end in February 2010 as previously announced.

Previously announced security updates for the old release will continue
to be available on

Then, Dotdeb will follow the Debian project and all the Etch packages will be moved to on Feb. 15th.

It is now time for you to upgrade your last servers from Etch to Lenny…

What’s next?

I’ll have to prepare the Squeeze release (planned on August 2010). The (early) plans ?

  • Focus on high quality PHP 5.3 and MySQL 5.1+ packages
  • More useful tools for your LAMP platforms : Gearman, Maatkit… MariaDB? Drizzle? Wait & see
  • No more mail-realated packages (Qmail, Vpopmail, Courier, Dovecot, Vqadmin)

10 replies on “Etch security support discontinued by Debian on Feb. 15th…”

I would to see as Anthony : Lighttpd support.
For me, Qmail is useless, postfix and a lot of it’s mod is really great.
For me a basic dedicated server have to run :
apache2 php5 mysql postfix ntp munin-node.
But after no one do the same stuff.

@Carlos : I read your great article. Thanks for it.
php5 is just a metapackage, you don’t strictly have to install it. BTW, you can satisfy the dependency by installing php5-cgi instead of libapache2-mod-php5.

@all : you’re talking about maintaining more recent apache builds or including alternative webservers (nginx, lighttpd…). Except performance and ease of use in some situations, what are your arguments? Don’t the regular Debian packages fit your needs?

That would be a lot of work maintaining stable and performant new packages. I just want to know how good the reasons are.

nginx particularly in the debian repo is somewhat older and there are newer features of the current release of nginx that mean everytime i want to use it i have to build from source, taking a long time and causing occasional issues

apache is less of a problem to me as its generally mostly bugfix updates rather than feature updates

not sure about lighttpd

-cherokee AND/OR nginx (the debian ones are too old, and getting old too fast)
-xtradb, SphinxSE, PBXT and other mysql plugins
-gearman, maatkit, drizzle

I would love, if the mysql plugins could be added just like the apache modules, without recompiling the whole mysql from source.
The SphinxSE and xtradb install notes saying that you have to compile the mysql from source(or for the xtradb you can use their apt repo), but for the PBXT plugin you can simply include it in runtime:
To enable the PBXT engine, all I need to do is issue one simple command:

mysql> install plugin pbxt soname ‘’;
Query OK, 0 rows affected (0.05 sec)

So in my dreams:
– Im using the dotdeb repository.
– If I ever need one of those mysql plugin, I simply apt-get install it, then the install script enable it without downtime.

I know, that I’m asking much. 😀


+1 for nginx.
In Lenny, we have nginx 0.6.32-3+lenny3 while the last stable nginx release is 0.7.64 :

It’s not difficult to compile nginx 0.7.64 from Squeeze, but it would be a lot better for us to just have a repository like we have for php5 and mysql.

Many people are using nginx in combination with Apache.

+1 for Nginx,

one of the reasons i came to DotDeb was to get up to date versions of PHP so I could have the latest bug fixes, and security patches running on my server, as I’m running Nginx for my web server I would love the be able to do the same thing with it.

Maybe its just my opinion but its not a god policy to run a production server with old software versions with KNOWN security flaws in them.

Comments are closed.