What are the differences between Debian LTS and Extended LTS?
The main difference is that Debian LTS is part of the Debian Project. The Freexian Debian LTS service aims to fund the work of Debian LTS contributors to ensure five years of support of the active Debian releases. Extended LTS is a service exclusively run by Freexian to provide five years of additional security support.
Another important difference is the set of supported packages. Except for some documented limitations, the Freexian Debian LTS Team supports as many Debian packages as possible, prioritizing the packages used by the sponsors. In contrast, the Extended LTS service only supports the packages used by the customers.
Should I subscribe to LTS before subscribing to ELTS?
Yes! The best way to make sure your packages are properly supported and do not get excluded from support when there are issues (it can happen for packages that are difficult to maintain and have no known usage among Debian LTS sponsors) is to sponsor LTS first and then subscribe to ELTS.
Is the price per computer or per company?
Per company, no matter how many machines use Extended LTS updates.
Does Freexian provide support for single packages?
It is not suitable to limit the security updates to specific packages among the whole set of those installed on a machine. Security issues can be exploited through vulnerabilities in dependencies of the related packages, so the underlying assumption of the Extended LTS service is that customers provide a full list of packages they use.
That said, you are free to compose the package list with those that you want to support only. But even if you provide a list with a single package, any Extended LTS subscription includes security support for all of the base packages of the related Debian release.
In other words, you have the possibility to tweak the list of packages that you are requesting support to, even down to a single package that you mainly care about, but be warned that this is not a safe approach.
Will there be Extended LTS for all the future Debian releases?
Yes.
Is there any SLA on the publication of fixes for CVE?
No. And this is for several reasons. First, there’s no good source for the date of publication of a CVE. See the FAQ from CVE.org. Second, there are too many elements that can delay the release of a security fix, for example the availability of the vulnerability details, availability of an upstream patch, and obstacles to backport said patch, among other factors. Refer to the Debian Extended LTS service contract included in the subscription form for complete details.
I have more questions. Where do I send them?
Please get in touch with us at sales@freexian.com.