From owner-freebsd-questions@FreeBSD.ORG Sun May 16 17:50:42 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 490671065672 for ; Sun, 16 May 2010 17:50:42 +0000 (UTC) (envelope-from kraduk@googlemail.com) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id C232C8FC08 for ; Sun, 16 May 2010 17:50:41 +0000 (UTC) Received: by fxm19 with SMTP id 19so63983fxm.13 for ; Sun, 16 May 2010 10:50:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=J7LwitP9pHHjgkDE/e9cKsYHmKBu7iq03gvtiuli8pc=; b=LcvNNScxNxnryTY2J7vqHFxBobYLtqq+vJKSzIv+ZB1FpEnX9FOcgkhQ2ilC9iYLgO PykoT84m3hWIvHrYMtjc+CVzS5lh+Gw/6M5KFD9z7iWF4XXAOEpN9Hd6CvBdltK1sXHK sXZ8hwlrui4OtPB6S/JerpcB/nJOVkcyKw1Xc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Qax70bjbGOEKlkmvmZC7PscxTjZW5rvXno6Uy3Lpkxk3C+pAo/S+DRT6sZ2+XiDhb5 SBOq0VF4xiAmJfUyoWEnbpWQgzuy+5EhST1mo+25TQ5HR3FoDsHyGQ370v9LYRbfsnui KEEu2l5stMtyTJ/3vZNFWrRFts29DYPuZ8gLc= MIME-Version: 1.0 Received: by 10.239.184.6 with SMTP id w6mr374453hbg.5.1274032240506; Sun, 16 May 2010 10:50:40 -0700 (PDT) Received: by 10.239.165.129 with HTTP; Sun, 16 May 2010 10:50:40 -0700 (PDT) In-Reply-To: <20100516180547.3c61a7e1.freebsd@edvax.de> References: <20100516180547.3c61a7e1.freebsd@edvax.de> Date: Sun, 16 May 2010 18:50:40 +0100 Message-ID: From: krad To: Polytropon Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Dan Naumov , freebsd-questions@freebsd.org Subject: Re: How long do you go without upgrading FreeBSD to a newer release? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 May 2010 17:50:42 -0000 On 16 May 2010 17:05, Polytropon wrote: > On Sun, 16 May 2010 18:42:44 +0300, Dan Naumov > wrote: > > Just a thought/question that has recently come to my mind: How long do > > you usually wait until upgrading to a newer release of FreeBSD? > > A quite generic answer: Only as long as needed. :-) Upgrading > often is determined by certain considerations, such as the > ability to maintain system security (again depending on the > setting and the purpose of the installation), or the require- > ment for some functionality that explicitely requires upgrading. > > > > > What's your oldest currently running installation, > > do you have any issues and are you planning on an upgrade or do you > > intend to leave it running as is until some critical piece of hardware > > breaks down, requiring a replacement? > > FreeBSD 5.4-p14 on a P2/300, 128 MB RAM, office workstation, > last update both in system and applications in 2006. > > Upgrade planning: no. > > Leave it running as long as possible: yes. > > Reason: System runs perfectly (it's not on WAN or acting as a > server, so no major security considerations). It runs better than > my FreeBSD 7 home system which awaits upgrading to 8 soon. :-) > > Oldest: 4.1 on a 486 laptop, I'm sure it still works, but it's > not in regular use. :-) > > > > The reason I am asking is: I have a 8.0 installation that I am VERY > > happy with. It runs like clockwork. eveything is properly configured > > and highly locked down, all services accessible to the outside world > > are running inside ezjail-managed jails on top of ZFS, meaning it's > > also very trivial to restore jails via snapshots, should the need ever > > arise. I don't really see myself NEEDING to upgrade for many years. > > even long after security updates stop being made for 8.0, since I can > > see myself being able to at least work my way around arising security > > issues with my configuration and to break into the real host OS and > > cause real damage would mean you have to be either really really > > dedicated, have a gun and know where I live or serve me with a > > warrant. > > If you're running services available to the outside world, keep > in mind *their* security updates also. If those require a system > update, do it, but usually they don't - you usually just upgrade > the ports in question. For servers, you should follow -p as long > as possible. If there are no further security updates for a > certain release, it MAY be a valid idea to upgrade to the new > release (e. g. 8.0 to 8.2, or what's the current release when > 8.0-p doesn't continue). > > > > > Do you liva by the "If it's not broken, don't fix it" mantra or do you > > religiously keep your OS installations up to date? > > Maybe you'll laugh, but I go with both ways. :-) I've got an > experimental system that I try "bleeding edge" software on, just > to see how well it works. Servers and workstations that I > need to RELY ON go with "not broken, not fix". > > I'm sure you'll get more answers that suggest you to really > think about what you want to do, and that determines your way, > maybe both ways, if that fits your requirements. Both ways have > their advantages and disadvantages, and it's up to you how you > handle it. > > > > > -- > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > we have some production dns caches at work running bsd 4.3, that have been there for nearly a decade. We keep the dns software on them upto date and they are locked down with a firewall. However they will be going some time this year, but thats more down to consolidation than anything else.