Date: Fri, 23 Jun 2017 13:36:26 +0800 From: Julian Elischer <julian@freebsd.org> To: Kurt Jaeger <lists@opsec.eu> Cc: freebsd-ports <ports@freebsd.org> Subject: Re: [RFC] Why FreeBSD ports should have branches by OS version Message-ID: <85832c4b-fa02-d205-7296-0b48c186c9a9@freebsd.org> In-Reply-To: <20170623052334.GC29157@home.opsec.eu> References: <CAO%2BPfDeFz1JeSwU3f21Waz3nT2LTSDAvD%2B8MSPRCzgM_0pKGnA@mail.gmail.com> <20170622121856.haikphjpvr6ofxn3@ivaldir.net> <dahnkctsm1elbaqlarl8b9euouaplqk2tv@4ax.com> <20170622141644.yadxdubynuhzygcy@ivaldir.net> <4jrnkcpurfmojfdnglqg5f97sohcuv56sv@4ax.com> <20170622211126.GA6878@lonesome.com> <n8eokc5fafda8gedtvbhh7i0qdk83gur5q@4ax.com> <20170623023954.GA29157@home.opsec.eu> <856b02db-26b2-91c5-acc6-f62fc99af49e@freebsd.org> <20170623052334.GC29157@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23/6/17 1:23 pm, Kurt Jaeger wrote: > Hi! > >>> There's a blog post from one of the folks that explains the >>> idea behind that 'fast update' mode of operations, and yes, >>> he's doing real work. >>> http://blog.koehntopp.info/index.php/1776-rolling-out-patches-and-changes-often-and-fast/ >> That is ONE kind of installation. > Well, there's the thinking that in the not-to-far future, everything > is connected, and you'll need to be able to update at any time > because of whatever security/threat that IT ecosystem throws at you. > >> It DOES NOT WORK when th most you can upgrade a customer system is >> once a year or once every two years. > The 'other side' of the debate thinks: Well, if they think this > is the way to do it, they have a problem and need to change > their procedures. > > The viewpoint is: That system can start debating with the next > worm/trojan coming along, but that won't help. The assumption > is: everything is connected/on the internet, and not even > voluntarily. > > Think connected cars, IoT etc. > >> I will add that such users would help their own case by fixing such >> issues and feeding the changes back to their branches upstream, >> thus helping maintain the branch. Maybe we could have a system of >> "corporate sponsors" for these branches. > Given the state of fundraising in open source, I doubt that this > will be viable. My personal experience is that if it were put in the form of an annual s subscription, most mid sized corporate finance offices wouldn't blink at $20k if they thought it was an important part of their product. (that's the key) Some wouldn't blink at 50K. ("the software is free but we need to help pay for people to do real work to keep it safe, it'll save us (some fraction of) a full time person"). The problem is that such a set of sponsored branches does not exist so knowing who'd sign up and who would't is just guesswork, and the companies have made "alternative arrangements" whether that means somewhat forgoing the ports tree (e.g Vicor) or building an infrastructure around ports head ( e.g. Panzura), or having some other snapshotting system ( e.g Ironport/Cisco)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?85832c4b-fa02-d205-7296-0b48c186c9a9>