{"id":14809,"date":"2025-12-14T09:02:58","date_gmt":"2025-12-14T16:02:58","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=14809"},"modified":"2025-12-14T09:11:23","modified_gmt":"2025-12-14T16:11:23","slug":"my-experience-in-the-debian-lts-and-elts-projects","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/12\/14\/my-experience-in-the-debian-lts-and-elts-projects\/","title":{"rendered":"My Experience in the Debian LTS and ELTS Projects"},"content":{"rendered":"\n

(Headline blog post below) I’ve always been aware of the Debian LTS and ELTS project<\/a> run by Freexian<\/a>, but I’ve never used the ELTS support. But I had a compelling reason to investigate it as my old RasPBX install running on a Pi 3 Raspbian Buster install lost LTS support from Debian’s repositories. To run a newer version of Asterisk and FreePBX I’d need to switch to x86-64 hardware as they no longer support the Raspberry Pi directly. But since my RasPBX install isn’t open to the internet and only has outgoing trunk connections to my VOIP provider, I’m not that bothered by the old versions of Asterisk and FreePBX, which work great. So I changed to the Freexian repository and boy did a lot of updates come in. You do have to be aware that they primarily update security patches for the base operating system install unless you contract with them for extra packages, so any critical extra packages would need to be managed directly with compiling source code, but you can keep an old OS installation going and secure. So with that background, I thought this blog post below about a Debian developer that participated in the project was of interest. For fun I might see if I can get an old cheap Chromebox and convert it<\/a> to a new install of FreePBX<\/a>, but with Freexian ELTS support there is no rush.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

https:\/\/ral-arturo.o<\/a>r<\/a>g\/2025\/04\/17\/lts.html<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

ral-arturo.org<\/a> | Apr 17, 2025<\/p>\n\n\n\n

\"Debian\"<\/figure>\n\n\n\n

Last year, I decided to start participating in the Debian LTS and ELTS projects. It was a great opportunity to engage in something new within the Debian community. I had been following these projects for many years, observing their evolution and how they gained traction both within the ecosystem and across the industry.<\/p>\n\n\n\n

I was curious to explore how contributors were working internally \u2014 especially how they managed security patching and remediation for older software. I\u2019ve always felt this was a particularly challenging area, and I was fortunate to experience it firsthand.<\/p>\n\n\n\n

As of April 2025, the Debian LTS project<\/a> was primarily focused on providing security maintenance for Debian 11 Bullseye<\/em>. Meanwhile, the Debian ELTS project<\/a> was targeting Debian 8 Jessie<\/em>, Debian 9 Stretch<\/em>, and Debian 10 Buster<\/em>.<\/p>\n\n\n\n

During my time with the projects, I worked on a variety of packages and CVEs. Some of the most notable ones include:<\/p>\n\n\n\n