Date:      Tue, 5 May 2009 16:35:41 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-chat@FreeBSD.ORG
Subject:   Re: End of Life is Meaningless
Message-ID:  <200905051435.n45EZfTM073891@lurza.secnetix.de>
In-Reply-To: <49FF8F2E.60800@highperformance.net>

Jason C. Wells wrote:
 > That should be read as "End of Life" is meaningless.  Not end of "Life 
 > is Meaningless."  Life is still meaningless, as is this post if you 
 > disagree.
 > 
 > It mystifies me that there is this recent tendency for people to get 
 > concerned about EOL. "What do I do?"  My answer, "Do nothing."  Just 
 > because a FreeBSD version is EOL doesn't mean you have to stop using 
 > it.  It doesn't mean that your particular version is suddenly prone to 
 > downtime.  It doesn't mean you can't install patches even though the 
 > secteam won't be updating CVS. It doesn't mean you can't continue to 
 > develop applications for a major version.
 > 
 > EOL is a tool for FreeBSD to manage its own house.  It is in no way a 
 > directive on how you should manage your house. Cue someone still 
 > running 2.1.5 with uptime stats. Come on.  You know you want to show off.
 > 
 > To the people who have to manage limited resources and must therefore 
 > implement an EOL policy.  I commend you on the balancing act. Good on ya 
 > mates.  You're doing a fine job.

I agree somewhat with the above, but ...

Everyone running an EOLed system should be aware that there
will be no more security patches for it.  Well, at least no
official ones from the security team.

So, once someone finds a security bug that affects you,
you either need to update or try to fix it yourself (or
find someone to fix it for you; most BSD-supporting
companies such as the one I'm working for will do this,
but it's not for free, of course).

On the other hand, there's not only the problem that there
are no security patches, but you also won't get advisories
if newer systems aren't affected by a certain problem.
For example, if someone discovers a buffer overflow in the
libc of FreeBSD 4.11, but 5.x and newer are not affected,
then there won't be an advisory.  That means that you don't
even _know_ that you're in trouble.

Basically, from a security point of view, running EOLed
versions of FreeBSD is not a very good idea.  Given the
fact that the EOL deadlines are announced long in advance,
and the fact that updating FreeBSD is quite easy (either
via source or via binary update), there are very few valid
excuses for staying with an EOLed version.

Just my 0.02 Euro cents.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
        -- John William Chambless
