If I may make an observation here, what exactly would you be doing on your older systems that would make them particularly vulnerable to security vulnerabilities? We have tons of 1998-2003 machines here which we acquired through my brothers work as an IT Consultant (most companies do not care what happens to their old computers, they simply order X amounts of new ones and just want the old ones to "disappear", so we have quite the fleet), and while we usually do put them to use, none of these make them highly vulnerable.
Originally Posted by tormod
For instance, we stuck an old TV capture card in one and now use it as a television replacement and media centre with a stripped down version of Fedora 14 with Blackbox using XdTV for television playing and Gnome MPlayer for media playing (accessing videos we have on the rest of the network through sshfs). Assuming we ever did loose support for the graphics hardware it has (Radeon 9200) and just stuck to the latest version of Fedora that works with it, I do not see how that would be putting us in that risky a situation.
Another box we are turning into a custom router and server box with ClearOS, but there it does not really matter what graphics hardware works or not, or indeed would not be particularly dependant on much custom drivers, so we can use the latest versions on it. On another we installed Windows 98 to play some really old Windows and DOS games we have still lying around, but if something happened to that machine it would be of no loss. Being a Windows machine it is pretty much isolated from the rest of the network anyway.
We have a really old and great Fujitsu Lifebook which runs Windows 98 on it as well at the moment, but if I were to put something like the Fedora LXDE spin on it would not really matter what graphics or display drivers it has since it has no acceleration on it anyway. In the end the only really place where the lack of security updates really matters is on the case of some newer laptops made about ten to eight years ago that still may be carted around. But these are for the most part covered by the radeon drivers or Nvidia anyway, so they do not seem to be under threat.
This is not deflecting the point, just something that I have been considering.
This seems to go back to my point about support. As long as someone is willing to step up and maintain the older drivers, they will be kept. The problem is no one is willing to maintain these really old drivers anymore, which cause them to become a problem. Thus the only clear (but not easy) answer would be that, if you value a particular piece of hardware that much, you or someone like you must step up and maintain it. Otherwise it will likely go away.
Originally Posted by tormod
And the other answer is we should all give a big hand to those that are already doing this.
Outside of security, there's the new software argument. Perhaps I need the new gimp for example on it, which depends on new *libs, and so on, which would be an impossible mess having to stay on an older distro.
Well, that isn't really an argument for a few reasons. First, much of software is just compiled for the kernel that typically everyone uses it on. Yes, it may be a pain to chase after each dependency, but if the modern gimp CAN compile just fine on early versions of the 2.6 kernel, or even 2.4, then you gotta do what you gotta do. But, lets say it doesn't work at all due to some hardware or driver restriction. That was the initial reason to use an older kernel in the first place (for example, gimp decides to use a newer version of opengl that is incompatible with older drivers). If gimp ran into a non-hardware related problem, at that point it would probably be too demanding for the hardware trying to use it.
Originally Posted by curaga