From owner-freebsd-isp@FreeBSD.ORG Tue May 26 21:38:03 2009 Return-Path: Delivered-To: freebsd-isp@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40758106570E for ; Tue, 26 May 2009 21:38:03 +0000 (UTC) (envelope-from kontakt@offshoreregistracija.com) Received: from smtp3.sbb.rs (smtp3.sbb.rs [89.216.2.35]) by mx1.freebsd.org (Postfix) with ESMTP id A58E48FC30 for ; Tue, 26 May 2009 21:38:01 +0000 (UTC) (envelope-from kontakt@offshoreregistracija.com) Received: from [192.168.1.136] (cable-87-116-150-85.dynamic.sbb.rs [87.116.150.85]) by smtp3.sbb.rs (8.14.0/8.14.0) with SMTP id n4QL1RsS026548 for ; Tue, 26 May 2009 23:01:30 +0200 Date: Tue, 26 May 2009 23:01:28 +0200 Mime-version: 1.0 From: Offshore Tim To: freebsd-isp Message-Id: <526231.HSJRTBVE@offshoreregistracija.com> Original-recipient: rfc822;freebsd-isp@FreeBSD.ORG Content-type: text/plain; charset="ISO-8859-1"; format=flowed Content-transfer-encoding: quoted-printable X-SMTP-Vilter-Version: 1.3.2 X-SBB-Virus-Status: clean X-SBB-Spam-Score: -2.5 Cc: Subject: Offshore registracija vozila X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2009 21:38:04 -0000 Iskoristite mogucnost da registrujete vase vozilo na cook islands tablice i= time izbegnete carinjenje i porez, bilo da se radi o novom ili polovnom vo= zilu iz uvoza. Takodje ovaj vid registracije vam omogucava da produzenje registracije izvr= site po mnogo povoljnijim uslovima i visestruko jeftinije. Produzenje registracije je fiksno za svu vrstu vozila bez obzira na kubikaz= u I starost vozila. Kod ovakvog vida registracije vozilo se registruje na vase ime i omogucava = vam upravljanje motornim vozilom u zemlji i inostranstvu bez ikakve dodatne= dokumentacije. Vise informacija na www.offshoreregistracija.com From owner-freebsd-isp@FreeBSD.ORG Wed May 27 15:12:27 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9E851065678 for ; Wed, 27 May 2009 15:12:27 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 0BFF48FC17 for ; Wed, 27 May 2009 15:12:25 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: (qmail 17479 invoked by uid 88); 27 May 2009 15:12:23 -0000 Received: from unknown (HELO ?192.168.56.198?) (tonix@interazioni.it@85.18.206.139) by relay.interazioni.net with ESMTPA; 27 May 2009 15:12:23 -0000 Message-ID: <4A1D5856.2040404@interazioni.it> Date: Wed, 27 May 2009 17:12:22 +0200 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <4A166B29.1070202@interazioni.it> <4A1809E2.8020608@neely.cx> In-Reply-To: <4A1809E2.8020608@neely.cx> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 15:12:28 -0000 Tonix (Antonio Nati) wrote: >> I'm in the phase of planning my new generation of FreeBSD servers, >> and I would love to make them more easy to upgrade. >> Main problem I have currently is I do not want any source code on >> production server, so freebsd-update is welcome, but... what about >> packages? >> I would use packages, but they are not easy to upgrade, while ports >> can be easy to upgrade, but need to have sources an servers. Thanks to all which answered, both publicy and privately. It looks to be a topic in which FreeBSD could be improved a lot. Is there any way we can drive/suggest something to do? Could be used Google Summer's code or something similar 8also sponsored by us)? Thanks, Tonino -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Wed May 27 16:39:26 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 435211065707 for ; Wed, 27 May 2009 16:39:26 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id C691A8FC1E for ; Wed, 27 May 2009 16:39:25 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 11268 invoked by uid 399); 27 May 2009 16:13:07 -0000 Received: from localhost (HELO ?192.168.0.101?) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 27 May 2009 16:13:07 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4A1D6691.9070006@FreeBSD.org> Date: Wed, 27 May 2009 09:13:05 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> <4A1809E2.8020608@neely.cx> <4A1D5856.2040404@interazioni.it> In-Reply-To: <4A1D5856.2040404@interazioni.it> X-Enigmail-Version: 0.95.7 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 16:39:27 -0000 Tonix (Antonio Nati) wrote: > Tonix (Antonio Nati) wrote: >>> I'm in the phase of planning my new generation of FreeBSD servers, >>> and I would love to make them more easy to upgrade. >>> Main problem I have currently is I do not want any source code on >>> production server, so freebsd-update is welcome, but... what about >>> packages? >>> I would use packages, but they are not easy to upgrade, while ports >>> can be easy to upgrade, but need to have sources an servers. > Thanks to all which answered, both publicy and privately. > It looks to be a topic in which FreeBSD could be improved a lot. > > Is there any way we can drive/suggest something to do? > Could be used Google Summer's code or something similar 8also sponsored > by us)? I've submitted a proposal to the Foundation twice to extend portmaster with similar functionality, but I haven't made the cut yet. I am still interested in obtaining funding for this project, and this looks like as good an opportunity as any to put that idea in front of new eyeballs. Please take a look at the URL below, and anyone who has ideas on how I might go about obtaining funding for this project feel please let me know. Regards, Doug http://dougbarton.us/portmaster-proposal.html From owner-freebsd-isp@FreeBSD.ORG Wed May 27 16:42:03 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AC051065677 for ; Wed, 27 May 2009 16:42:03 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id 529198FC2A for ; Wed, 27 May 2009 16:42:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 12776 invoked by uid 399); 27 May 2009 16:38:27 -0000 Received: from localhost (HELO ?192.168.0.101?) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 27 May 2009 16:38:27 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4A1D6C75.6000603@FreeBSD.org> Date: Wed, 27 May 2009 09:38:13 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> <4A1809E2.8020608@neely.cx> <4A1D5856.2040404@interazioni.it> <4A1D6691.9070006@FreeBSD.org> In-Reply-To: <4A1D6691.9070006@FreeBSD.org> X-Enigmail-Version: 0.95.7 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 16:42:04 -0000 Doug Barton wrote: > ... and anyone who has > ideas on how I might go about obtaining funding for this project feel > please let me know. D'oh! That was going to be "feel free to," and somehow got jumbled between brain and fingers. From owner-freebsd-isp@FreeBSD.ORG Wed May 27 23:17:51 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC6D310656D7; Wed, 27 May 2009 23:17:51 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 88FE78FC17; Wed, 27 May 2009 23:17:51 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 7BF1619E044; Thu, 28 May 2009 00:58:35 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 1142819E043; Thu, 28 May 2009 00:58:33 +0200 (CEST) Message-ID: <4A1DC599.6010704@quip.cz> Date: Thu, 28 May 2009 00:58:33 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: Doug Barton References: <4A166B29.1070202@interazioni.it> <4A1809E2.8020608@neely.cx> <4A1D5856.2040404@interazioni.it> <4A1D6691.9070006@FreeBSD.org> In-Reply-To: <4A1D6691.9070006@FreeBSD.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 23:17:52 -0000 Doug Barton wrote: [...] > I've submitted a proposal to the Foundation twice to extend portmaster > with similar functionality, but I haven't made the cut yet. I am still > interested in obtaining funding for this project, and this looks like > as good an opportunity as any to put that idea in front of new > eyeballs. Please take a look at the URL below, and anyone who has > ideas on how I might go about obtaining funding for this project feel > please let me know. > > > Regards, > > Doug > > http://dougbarton.us/portmaster-proposal.html As I am one of the users waiting for the feature: "H. Add support for shutdown and startup of services." I am suggesting more general interface for deinstall/preinstall/postinstall action hooks. Not just stop & start services, but allow users to define any shell command(s) to be executed in given [de|pre|post]install stage. Similar to BEFOREDEINSTALL, AFTERINSTALL... in pkgtools.conf of portupgrade, where one can define for example: 'security/courier-authlib*' => proc { |origin| cmd_real_restart_rc(origin) + '; chmod 0755 /var/run/authdaemond' }, It will be useful to define any commands, for example some logging patterns, e-mail alerts to operators, or shutdown another depending services (one may want to stop Apache, Postfix etc. if those services depends on MySQL and MySQL is the deinstalled package) I was trying to hack it on my own few month ago, but end up with ENOTIME (+ ENOSKILLS) :o) This is #1 on my wish list for improvements of portmaster. (#2 is support of binary packages) I hope you will succeed with funding. Thank you for your work on portmaster! (my primary ports tool) Miroslav Lachman From owner-freebsd-isp@FreeBSD.ORG Thu May 28 10:31:54 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5EE3310656A8 for ; Thu, 28 May 2009 10:31:54 +0000 (UTC) (envelope-from nglrossi@gmail.com) Received: from mail-fx0-f159.google.com (mail-fx0-f159.google.com [209.85.220.159]) by mx1.freebsd.org (Postfix) with ESMTP id D8CDE8FC0C for ; Thu, 28 May 2009 10:31:53 +0000 (UTC) (envelope-from nglrossi@gmail.com) Received: by fxm3 with SMTP id 3so673856fxm.43 for ; Thu, 28 May 2009 03:31:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=nMyJkx6VU7PfD5Jc96kXVpFcWXCgz1d2k+Cgcn36iSQ=; b=qzmiGc09Is5Oth3hU4NdrdpaFe8XdnxUbR2stN/AntzPwthpp1wNikcxRI0TgJfOHy clx9G0Y7hfaM9A7vbF2PPtdaMBHj0UmWDeVShznQk2KoPJtINp27akiSXnv7ftAQ/57C 2rbf8+ZaIrrzOczfAIl1DwvtmgJ0n/3wEOkns= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=nsO+87hSMC+37ZL/fpf1iejmaTpIfv/6ECg7wAfIi/rkCA1caVorgeyiXdDhLQoJZP soDEQdPOw1Eul2DpT4BjTrXqAAudiYYo2rsUO/jDbiwbBPufECBrxltFcrsRrn+WhDHE FbjIdsxP7IFdcNCTQGlApI18zR8C9EPJDM7nI= MIME-Version: 1.0 Received: by 10.223.108.210 with SMTP id g18mr1014630fap.38.1243505208838; Thu, 28 May 2009 03:06:48 -0700 (PDT) In-Reply-To: <4A166B29.1070202@interazioni.it> References: <4A166B29.1070202@interazioni.it> Date: Thu, 28 May 2009 12:06:48 +0200 Message-ID: <6c1e076a0905280306q3457242q311e0f8a0c2cff38@mail.gmail.com> From: Angelo To: "Tonix (Antonio Nati)" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 10:31:54 -0000 On Fri, May 22, 2009 at 11:06 AM, Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about packages? > I would use packages, but they are not easy to upgrade, while ports can be > easy to upgrade, but need to have sources an servers. > > What do you suggest me? What is currently done on other environments? > > Thanks, > > Tonino > > -- > ------------------------------------------------------------ > Inter@zioni Interazioni di Antonio Nati > http://www.interazioni.it tonix@interazioni.it > ------------------------------------------------------------ > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > Hi, some good solutions have been suggested. I personally like and find easy to maintain these two: - having a build server where to compile code, pkg_create and then distribute the packages and pkg_add them (what I was doing at the last shop where I was working on FreeBSD) - when you need to install/upgrade software you nfsmount volumes from a non critical host that hosts the source code All the installation/upgrades can be pushed with a tool like cfengine; this way you can test the process on testing servers and then decide when and how to push the changes on the other machines in the order you wish. With cfengine you can perform whatever actions you want so you can actually include pre and post installation scripts and checks. This also makes really easy to add new machines, install a fresh OS and apply ALL the changes you applied to the other server without forgetting a single package or setting. To keep things simple I try to have the base freebsd setup as clean as possible on the server and install only the packages that are really needed for infrastructural purposes: monitoring tools, cfengine and a host based firewall. Every non infrastructural service goes on its own into a minimal jail This makes trivial to migrate services from a server to another and prevents to have package conflicts (never tried to make different versions of php or perl coexist?) on the base system. My 2 cents :) Angelo From owner-freebsd-isp@FreeBSD.ORG Thu May 28 16:35:06 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B4751106566C for ; Thu, 28 May 2009 16:35:06 +0000 (UTC) (envelope-from steve@kcilink.com) Received: from yertle.kcilink.com (thingy.kcilink.com [74.92.149.59]) by mx1.freebsd.org (Postfix) with ESMTP id 614F38FC16 for ; Thu, 28 May 2009 16:35:06 +0000 (UTC) (envelope-from steve@kcilink.com) Received: from steve.int.kcilink.com (steve.int.kcilink.com [192.168.7.99]) by yertle.kcilink.com (Postfix) with ESMTP id 9A9668A253 for ; Thu, 28 May 2009 12:16:26 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kcilink.com; s=kci0709; t=1243527386; bh=erY7WqqJEuSKNFxYo9NAs9NXfrkkDY84o0RAGoJaCXI=; h=Message-Id:From:To:In-Reply-To:Content-Type: Content-Transfer-Encoding:Mime-Version:Subject:Date:References; b=SZxXEerfxM00cnGJlno2jmF3KFt6v6ntSY5cADGm0NsMmraQkBKJud2roa7pWKKrU KKB/1Lpfi6nJTxwpnus1NF/r+5qeYnuzVPdnt7MHZ/5fzb/7faZvHvl/A/5+wHBCj3 1gTMW5bXbndJLF9XRsMEHzPb9RSegnO33z94ONyk= Message-Id: From: Steve Scally To: freebsd-isp@freebsd.org In-Reply-To: <20090524120020.6B42E10656B9@hub.freebsd.org> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Thu, 28 May 2009 12:16:26 -0400 References: <20090524120020.6B42E10656B9@hub.freebsd.org> X-Mailer: Apple Mail (2.935.3) Subject: Re: Avoiding source code on production servers (Neil Neely) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 16:35:07 -0000 > > Tonix (Antonio Nati) wrote: >> I'm in the phase of planning my new generation of FreeBSD servers, >> and >> I would love to make them more easy to upgrade. >> Main problem I have currently is I do not want any source code on >> production server, so freebsd-update is welcome, but... what about >> packages? >> I would use packages, but they are not easy to upgrade, while ports >> can be easy to upgrade, but need to have sources an servers. > The weakness of FreeBSD here is very unfortunate and IMO goes far > beyond > just source vs binary distribution. Working in a mixed environment > where we have begun heavily using CentOS and utilizing yum it's > obvious > how far behind FreeBSD has fallen in this space. Ports lack any > kind of > concept of "Long Term Stable", so if you are running anything in > ports > (like say perl...) then when a security issue comes out you end up > having to install new versions - the default is not to patch the older > versions. For non-production environments that is likely fine, but > for > major production services it is a painful scenario. So you aren't > just > fixing security you are mixing in the concept of adjusting > functionality > as well. > > (A recent perl "security" upgrade moved perl to a new version which > broke compatibility with the Crypt::CBC module requiring a reinstall - > the new version of that from ports forced salting when it hadn't > previously and now applications were needing to be recoded to get it > all > working again.) This seems more like a flaw in the upgrade procedure you have setup and not testing before upgrading. I would assume, being this is the ISP list, you have multiple redundant type boxes of which one can be taken out of production and upgraded and if it fails will not disrupt service. One setup, which I can think of, that can't really be tested is if your hosting sites for customers in that case it would be a bit hard to setup a mirrored test environment for but nothing is impossible. > > At the end of the day FreeBSD of course lets you have all the power to > just apply the patches yourself to the source and you would be > fine. At > the cost that you need to be doing all of this work yourself and can't > rely on nice management tools to help you. Every problem I've ever > encountered with FreeBSD can be easily handled by a FreeBSD expert - > but > when I bring in a new green admin they have a heck of a time making > any > sense of it and I'm drug back into the trenches of managing all this. I am coming from the opposite end, I used to do CentOS work and now work on FreeBSD and after getting over the initial learning curve and methodology of FreeBSD I find it much better than CentOS. It is much easier to screw up a system with a yum upgrade, wrong priority, or a package from the centos-plus repo. Also linux in general doesn't have a centralized place to read pr notices or an automated portaudit system. For me I had to follow a security focus list or CERT list to see which packages were vulnerable then go to the maintainers and get information. Then I had to wait for CentOS to push out an update and that to me is a maintenance nightmare. The only way to get your new admin up to speed is to let them experience the problem and solve it. Internal documentation also helps immensely or a wiki. Without the network specific information available it doesn't matter what OS you use there will be a huge hurtle. In fact if you don't already have this setup why not let your junior guys work on it. In our wiki we have all our procedures for backups, nightly processes, system flows, mail paths, port options, etc. We also have pages listing all issues or steps needed for upgrades of all our specific server types, mail, dns, management and so on. > > > Why the contrast is extra frustrating is that it takes considerable > skill and understanding of the details of an environment to safely > update a production FreeBSD server. Internal documentation would help here as well as a repo for all your one-off configs then multiple changes can be tracked. > Contrast this with CentOS where an > extremely green admin can easily manage it with minimal instruction. > Unlike with the FreeBSD process this has no risk that it will cause > cascading complex issues that require application modification to > restore them to operation. > Yum can be be just as finicky and destructive if not setup or executed correctly. Just my thoughts. > I've been using FreeBSD since the 2.x days in '96 or so, and I love > it - > my tone is critical because I'm sad to see the state of things and > doubly sad that I don't have the time to volunteer with the project to > help do something about it. In most ways I consider FreeBSD > superior to > any linux, however this core issue of maintenance over time has been > driving our shift to using CentOS over the last few years. If a "Long > Term Stable Port Tree" concept were to come along I think that would > plug the hole here. While I lack the time to lead such a charge, I > would be happy to assist if such an effort were to get launched. > > -- > Neil Neely > http://neil-neely.blogspot.com/ From owner-freebsd-isp@FreeBSD.ORG Fri May 29 10:21:02 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 33CA5106566C for ; Fri, 29 May 2009 10:21:02 +0000 (UTC) (envelope-from support@eset.com) Received: from ocelot.nod.sk (ocelot.nod.sk [93.184.71.7]) by mx1.freebsd.org (Postfix) with ESMTP id EA5F68FC12 for ; Fri, 29 May 2009 10:21:01 +0000 (UTC) (envelope-from support@eset.com) Received: from PBX01 ([10.1.133.18]) by LEELA.hq.eset.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 29 May 2009 11:59:46 +0200 Date: Fri, 29 May 2009 11:59:46 +0200 (CEST) From: support@eset.com To: freebsd-isp@freebsd.org Message-ID: <0000Ma514QD260PC@eset.sk> In-Reply-To: <20090529095824.CA1F4B3199D5@ocelot.nod.sk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailer: Genesys E-Mail 7.5.000.11 Auto-Submitted: auto-replied X-Loop: support@eset.com X-OriginalArrivalTime: 29 May 2009 09:59:46.0558 (UTC) FILETIME=[327339E0:01C9E044] Subject: ESET Customer Care, unknown ticket number X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2009 10:21:02 -0000 Dear Valued Customer The e-mail you sent does not contain valid Ticket number. In case you have = open support request with ESET Customer Care please use a "Reply" function = to respond to any e-mail sent from ESET Customer Care Representative. In case you would like to open a new service request please use technical s= upport form in the "Help and Support" section in your product (recomended E= SET Smart Security and ESET NOD32 Antivirus version 3 and higher). Alternat= ively you may use the technical support form on our webpage: http://www.ese= t.eu/support/form Kind regards, ESET Customer Care Aupark Tower, 16th floor, 851 01 Bratislava, Slovak Republic www.eset.eu ----- Original Message ----- From: freebsd-isp@freebsd.org Sent: Friday, May 29, 2009 11:55:05 AM GMT+02:00 Subject: Delivery Error (support@nod32.com) > >Mail Delivery Error - This mail contains unicode characters > >------------- failed message ------------- >jsTK1bhOP>yM'!R!k!SpVA:7q22pR*oFuvGWxlnU:S' >w*2~9~-<_Jx*=C3=A4!#U'9.(94g-zsYHuq=C3=B6-W9ZYv%t=C3=A4e1+v0sL?o.AeNTe_Aggeeo:ba+bM2h_U4QO'_PfeiPSlrW >YAO'BZG$Sovys&Tob&vcGl>( > >The message has been sent as a binary attachment. > From owner-freebsd-isp@FreeBSD.ORG Fri May 29 12:58:28 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA0F2106564A for ; Fri, 29 May 2009 12:58:28 +0000 (UTC) (envelope-from bounce-20-447332304@trakken.google.com) Received: from smtp-out3.google.com (smtp-out3.google.com [216.239.33.18]) by mx1.freebsd.org (Postfix) with ESMTP id 7FB998FC18 for ; Fri, 29 May 2009 12:58:28 +0000 (UTC) (envelope-from bounce-20-447332304@trakken.google.com) Received: from zps67.corp.google.com (zps67.corp.google.com [172.25.146.67]) by smtp-out3.google.com with ESMTP id n4TCmPRM012449 for ; Fri, 29 May 2009 13:48:26 +0100 Received: from wpaz9.hot.corp.google.com (wpaz9.hot.corp.google.com [172.24.198.73]) by zps67.corp.google.com with SMTP id n4TCmPZC023674; Fri, 29 May 2009 05:48:25 -0700 Received: from gxk16 (gxk16.prod.google.com [10.202.11.16]) by wpaz9.hot.corp.google.com with ESMTP id n4TCmNOk011047 for ; Fri, 29 May 2009 05:48:24 -0700 Received: by gxk16 with SMTP id 16so228222gxk.1 for ; Fri, 29 May 2009 05:48:23 -0700 (PDT) Received: by 10.100.141.10 with SMTP id o10mr2002068and.26.1243601303595; Fri, 29 May 2009 05:48:23 -0700 (PDT) Date: Fri, 29 May 2009 12:48:18 -0000 From: "Copyright Service" To: freebsd-isp@freebsd.org Message-ID: <#14.1aa9bfd0.945ac5ce.4a1fd992.2577@google.trakken.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" In-Reply-To: <20090529124737.EF8094001A@sjl-mbox1.sjl.youtube.com> User-Agent: Neotonic Trakken/inject_gmr-2.60.1 Precedence: bulk Auto-Submitted: auto-replied Subject: Re: approved X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2009 12:58:29 -0000 This is an automated response to let you know that your message has been caught by our spam filter. Something in your message set it off, and your message won't be read. Please don't reply to this message -- we won't get your response. We want to hear from you, however, and apologize for this inconvenience! Please try sending your message again, possibly excluding any strange text or images. Sending your message as "Plain Text" is probably a good idea too. Alternately, you can send us a message using the contact form in our help center. http://www.google.com/support/youtube Original Message Follows: ------------------------ From: freebsd-isp@freebsd.org Subject: approved Date: Fri, 29 May 2009 20:47:38 +0800 Your file is attached. ******************************************************************** Original filename: file.pif Virus discovered: W32/Netsky.P@mm ******************************************************************** A file that was attached to this email contained a virus. It is very likely that the original message was generated by the virus and not a person - treat this message as you would any other junk mail (spam). For more information on why you received this message please visit: http://www.corp.google.com/ops/sysops/services/email/filtering/spam-virus/end_user.html#virusoverview For specific questions about this policy, or if this is a matter requiring the attention of a human, open a Helpdesk ticket. ********************************************************************