On Sat, Nov 10, 2018 at 07:41:19PM +0300, Andres Suarez wrote:
> Hello everybody,
>
> From the security point of view: Is it worth to update from Jessie to
> ASCII? Do you see any significant advantage? I do no use any exotic software.

Yes. Upstream (Debian) Jessie is only in LTS, which, as discussed in a
recent flamewar, is quite a misleading term compared to general usage. It
should be probably named "extended support" or such.

Jessie is no longer owned by the regular security team, and sees nowhere as
much attention as Stretch. Packages considered unimportant are silently
neglected and may have unfixed bugs. CVEs are tracked in general, but you
can forget about any reasonable coverage of non-security fixes. Or for
backports in a good shape.

Consider the LTS/ES a grace period to migrate to Stretch/ASCII rather than
something recommended for use.


Meow!
--
⢀⣴⠾⠻⢶⣦⠀ Have you heard of the Amber Road? For thousands of years, the
⣾⠁⢰⠒⠀⣿⡁ Romans and co valued amber, hauled through the Europe over the
⢿⡄⠘⠷⠚⠋⠀ mountains and along the Vistula, from Gdańsk. To where it came
⠈⠳⣄⠀⠀⠀⠀ together with silk (judging by today's amber stalls).