The Debian security team announced that Debian 4.0 “Etch” security support will be ended on February 15th, 2010 :
Security Support for Debian GNU/Linux 4.0 to be discontinued on February 15th One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and nearly three years after the release of Debian GNU/Linux 4.0 alias 'etch' the security support for the old distribution (4.0 alias 'etch') is coming to an end next month. The Debian project is proud to be able to support its old distribution for such a long time and even for one year after a new version has been released. The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on the 14th of February 2009. Users and Distributors have been given a one-year timeframe to upgrade their old installations to the current stable release. Hence, the security support for the old release of 4.0 is going to end in February 2010 as previously announced. Previously announced security updates for the old release will continue to be available on security.debian.org.
Then, Dotdeb will follow the Debian project and all the Etch packages will be moved to http://archives.dotdeb.org/ on Feb. 15th.
It is now time for you to upgrade your last servers from Etch to Lenny…
What’s next?
I’ll have to prepare the Squeeze release (planned on August 2010). The (early) plans ?
- Focus on high quality PHP 5.3 and MySQL 5.1+ packages
- More useful tools for your LAMP platforms : Gearman, Maatkit… MariaDB? Drizzle? Wait & see
- No more mail-realated packages (Qmail, Vpopmail, Courier, Dovecot, Vqadmin)
10 replies on “Etch security support discontinued by Debian on Feb. 15th…”
i would love to see, apache or nginx support as well so its truly the place to come for the full AMP side of the LAMP stack
I would to see as Anthony : Lighttpd support.
For me, Qmail is useless, postfix and a lot of it’s mod is really great.
For me a basic dedicated server have to run :
apache2 php5 mysql postfix ntp munin-node.
But after no one do the same stuff.
First, I’ll like if you remove libapache2-mod-php5 from php5 package dependencies, then, add nginx in the package as an alternative webserver.
look:
http://ferrari.eti.br/php-5-3-php-fpm-xcache-nginx-no-debian-lenny-performance-extrema/
ty!
@Carlos : I read your great article. Thanks for it.
php5 is just a metapackage, you don’t strictly have to install it. BTW, you can satisfy the dependency by installing php5-cgi instead of libapache2-mod-php5.
@all : you’re talking about maintaining more recent apache builds or including alternative webservers (nginx, lighttpd…). Except performance and ease of use in some situations, what are your arguments? Don’t the regular Debian packages fit your needs?
That would be a lot of work maintaining stable and performant new packages. I just want to know how good the reasons are.
nginx particularly in the debian repo is somewhat older and there are newer features of the current release of nginx that mean everytime i want to use it i have to build from source, taking a long time and causing occasional issues
apache is less of a problem to me as its generally mostly bugfix updates rather than feature updates
not sure about lighttpd
-cherokee AND/OR nginx (the debian ones are too old, and getting old too fast)
-redis
-xtradb, SphinxSE, PBXT and other mysql plugins
-gearman, maatkit, drizzle
I would love, if the mysql plugins could be added just like the apache modules, without recompiling the whole mysql from source.
The SphinxSE and xtradb install notes saying that you have to compile the mysql from source(or for the xtradb you can use their apt repo), but for the PBXT plugin you can simply include it in runtime:
http://dev.mysql.com/tech-resources/articles/pbxt-storage-engine.html
To enable the PBXT engine, all I need to do is issue one simple command:
mysql> install plugin pbxt soname ‘libpbxt.so’;
Query OK, 0 rows affected (0.05 sec)
So in my dreams:
– Im using the dotdeb repository.
– If I ever need one of those mysql plugin, I simply apt-get install it, then the install script enable it without downtime.
I know, that I’m asking much. 😀
Tyrael
[…] announced that Debian 4.0 “Etch” security support will be ended on February 15th, 2010 More here One year after the release of Debian GNU/Linux 5.0 alias ‘lenny’ and nearly three years […]
+1 for nginx.
In Lenny, we have nginx 0.6.32-3+lenny3 while the last stable nginx release is 0.7.64 : http://wiki.nginx.org/NginxInstall
It’s not difficult to compile nginx 0.7.64 from Squeeze, but it would be a lot better for us to just have a repository like we have for php5 and mysql.
Many people are using nginx in combination with Apache.
+1 for Nginx,
one of the reasons i came to DotDeb was to get up to date versions of PHP so I could have the latest bug fixes, and security patches running on my server, as I’m running Nginx for my web server I would love the be able to do the same thing with it.
Maybe its just my opinion but its not a god policy to run a production server with old software versions with KNOWN security flaws in them.
FYI, a recent nginx build has just entered “lenny-backports”.