From owner-freebsd-security Sun Apr 22 10:45:34 2001
Date: Sun, 22 Apr 2001 20:21:44 +0300
From: Valentin Nechayev
To: Rasputin
Cc: freebsd-security@freebsd.org
Subject: Re: Security Announcements & Incremental Patches
Message-ID: <20010422202144.A313@iv.nn.kiev.ua>
Reply-To: netch@segfault.kiev.ua
References: <20010412105356.A88231@dogma.freebsd-uk.eu.org>
In-Reply-To: <20010412105356.A88231@dogma.freebsd-uk.eu.org>; from rara.rasputin@virgin.net on Thu, Apr 12, 2001 at 10:53:56AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG

Thu, Apr 12, 2001 at 10:53:56, rara.rasputin (Rasputin) wrote about "Re: Security Announcements & Incremental Patches":

> > Agreed. It might be worthwhile to point out that Linux is gaining
> > market share by leaps and bounds while FreeBSD's user base remains
> > relatively stagnant for *exactly* this reason.
>
> Why? Because RedHat only provide updates as individual RPMs, so updating
> a system from one version to another was always a complete nightmare?
> (Exhibit A being shipping the new version of RPM as an RPM.
> In the new package format.)
> A central source tree for kernel and userland is BSD's crowning glory, IMO.
> But that's not to say that patches aren't an option.
FreeBSD is at one pole, RedHat at another, but both have the same sickness: a lack of internal ABI compatibility culture. This sickness requires violent synchronization of all compiled system code via `make world' in FreeBSD (and not only world! any third-party application which uses KVM - e.g. ucd-snmp - should be recompiled when KVM changes), and quite often a strange upgrade order topology in RedHat or any other Linux-based system, with almost guaranteed incorrect operation when the upgrade is not completed (e.g. after installworld but before reboot).

No commercial operating system can allow permanent ABI changes of its interfaces without correct support of the old ones: the vendor of such a system shall go bankrupt rather soon, even in case it provides sources, even in the `open source' case. (RedHat is not a commercial system, is it?)

However, the RedHat variant with individual RPMs is much more convenient for admins who cannot upgrade the total system to the last -STABLE and, on the other side, have no C code compiling skills; /me personally knows a few real examples of admins who had to use RedHat/KSI/BlackCat due to such FreeBSD requirements. (It's not me; at my job we have a large team of FreeBSD apologists;-) but only for PC and only for the free systems world.)

It is quite simple for any qualified FreeBSD admin, including the FreeBSD FTP site team, to make patched binaries for all supported releases for any security advisory and put them up for free download for such admins who have poor compiling skills; but it is not provided now, and anyone should recompile the whole world or learn the pitfalls of compilation (why `make depend' is required, what `make obj' does, ...) and apply the patch with trembling hands after `100 grams of good whisky' for courage, instead of a simple `rpm -U'.

> IMO, all contact I've had with the FreeBSD team has been motivated out of
> a genuine need to create a good product. Saying they do this to
> 'increase market share' does them a disservice.
> Their motivation to me has always seemed to be to make an OS
> that sucks less than any other, whether or not that's commercially attractive.

If the OS sucks less, it shall be commercially attractive. If it is not commercially attractive, it sucks in something. This `something' can be a lack of $$, as compared with Microsoft, or a lack of an efficient, unbuggy pthreads implementation, as compared with AIX or HP-UX, but it exists.

Really, the solution to use violent synchronization based on compile-time dependencies was made a long time ago and is supported by FreeBSD developers, and my letter is ugly flamebait against it. Please move the thread to the correct list in case you reply.

/netch