From: "Peter Wemm"
To: "Jo Rhett"
Cc: FreeBSD Stable, John Baldwin
Date: Thu, 26 Jun 2008 00:59:13 -0700
Subject: Re: tracking -stable in the enterprise

On Wed, Jun 25, 2008 at 12:21 PM, Jo Rhett wrote:
> On Jun 25, 2008, at 3:46 AM, Peter Wemm wrote:
>>
>> Correct. We roll our own build snapshots periodically, but we also
>> keep a pretty careful eye on what's going on in the -stable branches.
>
> Okay, that makes sense to me ;-)
>
>>> I mean, I guess Yahoo has enough resources to literally run every commit
>>> to -stable through a full test cycle and push it out to every machine, but
>>> my
>
>> No. Why on earth would we do that? If we wanted to cause ourselves
>> that much pain for no good reason, we'd go get a pencil and stab
>> ourselves in the eye.
>
> Yes, we are definitely on the same page. Thanks for the clarification ;-)
>
>> We don't upgrade machines that have been deployed unless there is a
>> good reason to.
>
> Do you deploy machines for longer than 1 year? How do you deal with
> security patches in the longer term?

I think we still have FreeBSD-3.x machines in production. I know we
have FreeBSD-4.3.

99.9% of security issues don't affect us. We have our own package
system built on top of FreeBSD's pkg_add format and have the ability
to push packages to machines. If circumstances warrant it, we can
push a fix for something. It'll either push a new binary or be a
source patch that is compiled directly on the machines in question.
The machines run a custom software stack.

More often we push fixes for driver or performance fixes or things
like timezone updates.

The important thing is that we don't disturb machines that are running
happily. Hardware vendors are constantly messing with firmware, bugs
in silicon, etc etc. This is an issue for NEW installs, usually not
existing machines. Usually.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell