The work of managing your own distro even for a device like a media server or handheld gameplayer around the turn of the century was a huge task that's broken more than one admin but almost manageable as long as you didn't have to do the custom apps too but that was long before the opensource eco-system puddle swole up into an ocean. Think you'd need a team of at least 4-6 to do it now. Freezing a version forever is not even an option today, waiting until it's hacked aka letting your users find the bugs never was.
Quoting Brian E. Lavender (brian@brie.com):
> There are probably a boat load of known vulnerabilities in F13.
The only way running Internet-exposed Fedora 13, even for a minimal host
that's just barely enough of an OS build to support a hypervisor, in
2022, would involve the local sysadmin _completely_ having assumed and
diligently carried out, without fail, all security maintenance
_manually_ for all eleven years, since 2011-06-24, when Security Team
coverage of F13 ceased permanently.
That would mean diligently reading all CVEs for all local components
exposed to public traffic -- including the Linux kernel (especially its
network stack), all public-facing services, and all of their libs and
support utilities -- doing, as appropriate, paring of
code/functionality, upgrading, mitigating, applying needed source
patches, etc.
That could be done, by a sufficiently determined and well-prepared
sysadmin who wishes to hand-maintain a very minimal system for
locally-compelling reasons. Gary, _did_ you do all that?
If you didn't, Gary, that's likely a key part of your problem. And
dismissing the problem of need to plug proven security holes with "the
upgrade treadmill is that it is a waste of time" is a reminder that
denial isn't a river in Egypt.
_______________________________________________
Lug-nuts mailing list -- lug-nuts@bigbrie.com
To unsubscribe send an email to lug-nuts-leave@bigbrie.com