💻 Rolling Releases

📎 digital-security 📎 linux 📎 operating-system

Richard Brown shares how rolling releases are a better way to distribute complex software stacks like Linux, delivering the promises and benefits that users expect from open source software.

https://www.youtube.com/watch?v=i8c0mg_mS7U (Video title: Regular Releases are Wrong, Roll for your life)

I am quoting from another article:

Source: https://www.privacyguides.org/en/os/linux-overview/?h=rolling#release-cycle (title: Release cycle)

quote

... For frozen distributions such as Debian, package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes do not receive a CVE ID (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.

We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. Richard Brown has a presentation about this: ...