I was part of the Ubuntu decision at GitHub, and it was based on the fact that Ubuntu gave you much longer support after the next release. Debian (at the time) only guaranteed even security updates on previous releases for one year after a new release.
Just wondering, not an attack: did you talk to the Debian project to see what resources (money or person-time) are needed to support a Debian release for a longer time?
I am asking, because Debian is a community project and in the end it gives what its community members are putting in. I am wondering about the amount of effort necessary.
It seems that they estimate it at one person, full time [1]. Which does not seem a lot, given the number of organizations that use Debian.
Why would they talk to anybody? Support decisions were already made (for a reason) for both releases. Trying to revise them and committing on '?' for an array of production servers is a horrible idea.
Exactly this. It would have seemed pretty presumptuous to ask the Debian project to change the support model that they decided worked for them to support us.
We were also faced with a very large new infrastructure build and we knew we were at the end of the line with Squeeze but Wheezy had't quite yet shipped, which put us in an awkward position.
Debian is a great distribution, but at the time we felt like Ubuntu was the right way to go given the existing support policies.
When I made the decision for my shop, we chose Ubuntu because of the guaranteed support cycle. Debian's support windows were too short, and we need to be able to plan years ahead of time for when we must spend the time to upgrade the OS. It takes a lot of testing and tweaking, and Debian didn't give us any certainty beyond a few months out. Ubuntu gives us a five year guarantee (and they've been sticking to that for six years now). That allows us to be a lot more confident about making plans for the next year or two.
Not even close:
"Debian-LTS will not be handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success (with some overlap in people involved)."
How is this different? Unless you know the security team personally, how does it matter which people does the job? It is still officially a Debian project, backed by those volunteers who does the job.
Because Debian doesn't provide enterprise support.
Let say that you've got a critical bug somewhere, do you really think you can tell your boss 'Yeah I asked on IRC / forums / mailing list to get an ETA'