From owner-freebsd-stable@FreeBSD.ORG Wed Jun 11 12:36:32 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7A2C106566B for ; Wed, 11 Jun 2008 12:36:32 +0000 (UTC) (envelope-from andy.kosela@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.freebsd.org (Postfix) with ESMTP id 6AD928FC13 for ; Wed, 11 Jun 2008 12:36:32 +0000 (UTC) (envelope-from andy.kosela@gmail.com) Received: by py-out-1112.google.com with SMTP id p76so1386341pyb.10 for ; Wed, 11 Jun 2008 05:36:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=mdTpUGpPouxvRWkJKgWZ1K+9g3n8VMuLSFYoLkmHQ8E=; b=gZxZ1fmETKhTG/9n7ee2UdHiPpu793KVvj+JKO5O1zqgCGwoMwwjzkhTjbnlMo3g6C Fr3Iv/+GRovWz1Qh8AOxNfj4O4OjR9eZfKVsJ6PHRfnJO6jgCdKeGZ27tphka59YdsRy 5+Qi59ooxjD+iNpReOJg0NCtoHm3oTdKrQ6/g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=uD+gOjqICIlVu1fG1GCpcQ7QxZRmSpmf4msJ4FvyssUuqXsmlsCbfz05sf50NihzBa ERwiKUigGK3PzLq2a3kNBrbPvmhkatyuGOCiyLHr8POXhddHKb8WbIOMrEoWjBbFTai+ +QIEYp/M3xFGNvZWc80g3XK9sVaXm5CWBooIU= Received: by 10.114.134.20 with SMTP id h20mr6432784wad.91.1213187790863; Wed, 11 Jun 2008 05:36:30 -0700 (PDT) Received: by 10.114.112.6 with HTTP; Wed, 11 Jun 2008 05:36:30 -0700 (PDT) Message-ID: <3cc535c80806110536w1c8af6efq8d5470ce6de8cb38@mail.gmail.com> Date: Wed, 11 Jun 2008 14:36:30 +0200 From: "Andy Kosela" To: freebsd-stable@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <484FA07E.60103@lozenetz.org> Cc: rwatson@freebsd.org, lists@lozenetz.org, mh@kernel32.de Subject: Re: CLARITY re: challenge: end of life for 6.2 is premature withbuggy 6.3 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jun 2008 12:36:32 -0000 Robert, Thank you for your insights. I think that this agreement between users and developers does occur. The proper balance between rapid development vs long term stability is the platform through which such agreement can be achieved. It's up to the Core Team to reasonably steer the Project in such a way as to achieve the greatest results. FreeBSD has always been focused on creating simple, stable and reliable operating system for system administrators and let's keep it that way. Longer term support for -RELEASE gives many companies a stable platform to develop and maintain their infrastructure. I think 5 years support for major FreeBSD release (like major 6 or 7) would be really perfect for many of us. On Wed, Jun 11, 2008 at 1:26 PM, Marian Hettwer wrote: > But there is a way around. As soon as you have several FreeBSD boxes, I'd > advise you to install your own FreeBSD box for packages building. > So if you need to update your php installations, go to your build box > (which has the very same versions of programs installed as your production > boxes), update your ports tree and do a "make package" of your new php > port. > If the new php package works fine on your build box, roll it out via > "pkg_add -r $NEWPHPTHINGY" and off you go. I think Anton raised a valid and reasonable point here by analyzing my previous statements. Every data center environment test the upgrade process before deploying it on production machines, but my point circulated around the whole different theme. Backporting Backporting security and bug fixes to *STABLE* versions of ports would definetly render the whole ports framework infrastructure more solid and trustworthy for organizations that need mission critical stable and reliable environment to work in. Creating -SECURITY branch of ports tree with support *just* for common server applications like apache, postfix, mysql or vsftpd (definetly not for all available ports) would very well encourage more companies now stuck with the only alternative (redhat/centos or debian) to trust this ports tree branch in deploying their applications which very often needs specific versions of the software to run properly. Right now it's sometimes very risky to jump to the latest available upstream version as it very often breaks compatibility with older versions. I've been toying with the idea to create such -SECURITY branch, at least just for ports I use extensively. I'm not aware of no such project (open source, commercial) that is doing that. I'm curious how many people out there would be also interested in such an idea. > If you take a close look onto how the debian project is backporting > security fixes you would probably agree that pretty often it's more > desireable to jump to a newer version of that software than instead just > security fixing it. > Examples needed? > MySQL 4.1.11 was the "stable" MySQL 4.1 in Debian Sarge. Of course it got > security fixed, but not bugfixed. You get a secure version of MySQL 4.1 in > Debian but not a stable one, because important bugfixes are missing. > I'd rather upgrade to the latest MySQL 4.1.xx instead. > And of course, do your testing before jumping version numbers. Redhat/CentOS is more reliable here as backports involves both security and bug fixes, plus even new hardware enhancements. -- Andy Kosela ora et labora