Notes about security of the Debian GNU/kFreeBSD operating system.

Security support

wheezy (oldstable)

Packages receive timely updates via security.debian.org like any other architecture.

Even if we were a 'development preview' in wheezy, we've issued timely security updates to kfreebsd-9 (9.0) and should continue to do so until 2016-05 (regular wheezy end-of-life). 9.0 isn't supported upstream any more, but stable/9 still is, and we've been able to backport fixes from there.

We lack the resources to participate in a wheezy LTS.

The kfreebsd-8 package does not receive timely security updates. stable/8 upstream EoL is expected 2015-06-30 anyway.

kfreebsd-jessie (kfreebsd-stable)

Packages should receive timely updates via security.debian.org; that infrastructure is already set up. Updates for some packages might get delayed if they FTBFS on kfreebsd.

kfreebsd-10 (10.1) should have upstream support until 2016-12-31. After that we can backport fixes from stable/10. We should be able to support it until regular jessie EoL, probably in 2018.

I'm interested in a jessie LTS, but it's too early to make any promises about this yet. We could even consider a "jessie-and-a-half" kernel update to 10.3 for something like this.

Exploit mitigations