I find that somewhat disturbing.
Could the Asterisk developers please comment on the discussions with the
Debian Project regarding their request for “a reliable commitment by the
maintainers to backport/test security fixes across the typical three year life
cycle”?
It’s clearly too late to do anything about Debian 12 Bookworm now, but I would
like to know whether it’s reasonable to expect it to reappear in Trixie in 2
years’ time.
The two specific questions I’m interested in are:
-
Was this requirement from Debian present for previous releases, or is this
something new they have introduced? -
What additional effort would it mean for the Asterisk project to comply with
this request, given that Debian only seems to use LTS versions of Asterisk
now?
Thanks,
Antony.