Date: Thu, 12 Apr 2001 10:53:56 +0100
From: Rasputin
To: Roger Marquis
Cc: security@freebsd.org
Subject: Re: Security Announcements & Incremental Patches
Message-ID: <20010412105356.A88231@dogma.freebsd-uk.eu.org>
In-Reply-To: from marquis@roble.com on Wed, Apr 11, 2001 at 12:36:57PM -0700

* Roger Marquis [010411 20:38]:
> Scott Johnson wrote:
> > There is a difference between security fixes and a 'more low-key and
> > conservative set of changes intended for our next mainstream release'.
>
> I think this is a point many posters are missing. Production
> systems administration has to be conservative. A good systems
> administrator would *NEVER* run cvsup or -STABLE on a revenue
> generating production server for example. Change deltas must be
> kept to a minimum to minimize the risk of downtime or application
> problems.

I agree with you here. I've seen the performance and reliability of
my box increase from tracking STABLE, but it's a home system.
Remotely upgrading enterprise boxes is a different ball game entirely,
but there are always going to be risks doing that, and I don't know
of any way to eliminate them.
A kernel bug fix tends to need a reboot.

> > I just want to add my voice as to how I use FreeBSD. Simply saying 'use
> > -STABLE' to those of us running -RELEASE on production systems isn't
> > appropriate,
>
> Agreed. It might be worthwhile to point out that Linux is gaining
> market share by leaps and bounds while FreeBSD's user base remains
> relatively stagnant for *exactly* this reason.

Why? Because RedHat only provide updates as individual RPMS,
so updating a system from one version to another was always
a complete nightmare?
(Exhibit A being shipping the new version of RPM as an RPM.
In the new package format.)

A central source tree for kernel and userland is BSD's crowning glory, IMO.
But that's not to say that patches aren't an option.

> This is all IMHO. Perhaps I'm just spoiled by Solaris' patch
> process. Yet we have seen a significant increase in Sun purchases
> thanks to their Blade 100 and its $1000 price (headless). The
> FreeBSD community has to make the choice: do you want FreeBSD
> to be a great developer's OS and an also-ran production platform
> (Dag-Erling Smorgrav's "submit patches or shut up") or would it be
> better in the long term to shift some resources (like incremental
> security patches) in order to boost market share?

IMO, all contact I've had with the FreeBSD team has been motivated out of
a genuine need to create a good product.
Saying they do this to 'increase market share' does them a disservice.

Their motivation to me has always seemed to be to make an OS that sucks
less than any other, whether or not that's commercially attractive.

--
Rasputin
Jack of All Trades :: Master of Nuns