Notes about security of the Debian GNU/kFreeBSD operating system.
Security support
wheezy (oldstable)
Packages receive timely updates via security.debian.org like any other architecture.
Even if we were a 'development preview' in wheezy, we've issued timely security updates to kfreebsd-9 (9.0) and should continue to do so until 2016-05 (regular wheezy end-of-life). 9.0 isn't supported upstream any more, but stable/9 still is, and we've been able to backport fixes from there.
We lack the resources to participate in a wheezy LTS.
The kfreebsd-8 package does not receive timely security updates. stable/8 upstream EoL is expected 2015-06-30 anyway.
kfreebsd-jessie (kfreebsd-stable)
Packages should receive timely updates via security.debian.org; that infrastructure is already set up. Updates for some packages might get delayed if they FTBFS on kfreebsd.
kfreebsd-10 (10.1) should have upstream support until 2016-12-31. After that we can backport fixes from stable/10. We should be able to support it until regular jessie EoL, probably in 2018.
I'm interested in a jessie LTS, but it's too early to make any promises about this yet. We could even consider a "jessie-and-a-half" kernel update to 10.3 for something like this.