Date: Thu, 26 Jun 2008 00:59:13 -0700
From: "Peter Wemm" <peter@wemm.org>
To: "Jo Rhett" <jrhett@netconsonance.com>
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>, John Baldwin <jhb@freebsd.org>
Subject: Re: tracking -stable in the enterprise
Message-ID: <e7db6d980806260059v24f15597p1ea40c226752e56e@mail.gmail.com>
In-Reply-To: <15C7C9E0-7F99-4FAC-941A-9BBCC3600E55@netconsonance.com>
References: <3cc535c80806080449q3ec6e623v8603e9eccc3ab1f2@mail.gmail.com> <200806231051.03685.jhb@freebsd.org> <A27FDCBE-2C4E-49A5-8826-2FB47E2FEA3E@netconsonance.com> <e7db6d980806250346q2871abd3n2147b936155cc4e2@mail.gmail.com> <15C7C9E0-7F99-4FAC-941A-9BBCC3600E55@netconsonance.com>

On Wed, Jun 25, 2008 at 12:21 PM, Jo Rhett <jrhett@netconsonance.com> wrote:
> On Jun 25, 2008, at 3:46 AM, Peter Wemm wrote:
>>
>> Correct. We roll our own build snapshots periodically, but we also
>> keep a pretty careful eye on what's going on in the -stable branches.
>
> Okay, that makes sense to me ;-)
>
>>> I mean, I guess Yahoo has enough resources to literally run every commit to
>>> -stable through a full test cycle and push it out to every machine, but my
>
>> No. Why on earth would we do that? if we wanted to cause ourselves
>> that much pain for no good reason, we'd go get a pencil and stab
>> ourselves in the eye.
>
> Yes, we are definitely on the same page. Thanks for the clarification ;-)
>
>> We don't upgrade machines that have been deployed unless there is a
>> good reason to.
>
> Do you deploy machines for longer than 1 year? How do you deal with
> security patches in the longer term?

I think we still have FreeBSD-3.x machines in production. I know we
have FreeBSD-4.3.

99.9% of security issues don't affect us. We have our own package
system built on top of FreeBSD's pkg_add format and have the ability to push
packages to machines. If circumstances warrant it, we can push a fix
for something. It'll either push a new binary or be a source patch
that is compiled directly on the machines in question. The machines
run a custom software stack.

More often we push fixes for driver or performance fixes or things
like timezone updates.

The important thing is that we don't disturb machines that are running
happily.

Hardware vendors are constantly messing with firmware, bugs in
silicon, etc etc. This is an issue for NEW installs, usually not
existing machines. Usually.

--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e7db6d980806260059v24f15597p1ea40c226752e56e>