Date: Tue, 6 Aug 2002 20:32:06 +0000 From: Josh Paetzel <friar_josh@webwarrior.net> To: BSD Freak <bsd-freak@mbox.com.au> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: There must be a better way to maintain older systems Message-ID: <20020806203206.H454@twincat.webwarrior.net> In-Reply-To: <ddbe48dd7dec.dd7decddbe48@mbox.com.au>; from bsd-freak@mbox.com.au on Wed, Aug 07, 2002 at 11:02:12AM %2B1000 References: <ddbe48dd7dec.dd7decddbe48@mbox.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 07, 2002 at 11:02:12AM +1000, BSD Freak wrote: > Hi all, > > I am responsible for maintaining 14 FreeBSD, 1 Windows 2000 and 1 > Solaris servers at three sites. While I am certianly no fan of Windows > 2000 or the commercial UNIX distributions I have to say they take up a > lot less of my time to maintain. For example I can download (binary > packages) patches and "Service Packs"/hotfixes to patch bugs and > vulnerabilities and then I forget about it. Upgrades of OS happen once > every 3-4 years (and usually accomany a hardware upgrade which makes it > a bit neater and less risky). > > With FreeBSD however I find myself upgrading every six months or so > when a new version is released. I spend half my time upgrading the 14 > production servers (in the middle of the night usually!), then by the > time I have gotten around to the last system, I'm usually only a month > or so away from the next -RELEASE and I I have to do it all again if I > am to keep my systems secure and current. > > I find myself thinking there *MUST* be a better way. I am quite happy > with the stability/features of older versions (ie 4.4-R 4.5-R etc). > Surely I don't have go through this upgrade cycle every six months! It > would be great to just run a pkg_add which would overwrite any insecure > binaries with newer patched ones (and do an actual binary upgrade only > when absolutely required - e.g. every 2-3 years). I am even thinking of > starting such a project myself. > > Am I missing something? (i.e. is there a better way?) > (If someone tells me to cvsup and do a makeworld on my busy production > servers I will scream!) > I wanna hear how loud you can scream. There certainly are binary patches released for certain security issues. I think there's been two or maybe even 3 in the last two weeks. Personally, I don't care for patches. The beauty of cvs is that you can (usually) back out a bad upgrade if something does bite you in the ass. You also aren't forced by anyone to upgrade. I have a friend who ran a fairly major website and hosting service on FreeBSD 3.3 and didn't update til 4.4 came out. You DO know that you can make buildworld and kernel on one machine and then nfs mount that machines /usr/src and /usr/obj and do make installworlds and installkernels on them all? I also submit, simply for the sake of arguement, if you had 14 windows 2000 servers and 1 FreeBSD server, you'd have twice the work on your hands. ;) Josh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020806203206.H454>