From owner-freebsd-questions Tue Aug 6 18: 6: 0 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 874E137B400 for ; Tue, 6 Aug 2002 18:05:56 -0700 (PDT) Received: from smtp2.mbox.com.au (203-134-146-019.cust.pth.iprimus.net.au [203.134.146.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7337943E65 for ; Tue, 6 Aug 2002 18:05:54 -0700 (PDT) (envelope-from bsd-freak@mbox.com.au) Received: from nms2.mbox.com.au (webmail.mbox.com.au [192.168.20.4]) by smtp2.mbox.com.au (Sun Internet Mail Server sims.4.0.2000.05.17.04.13.p6) with ESMTP id <0H0G005J383J7T@smtp2.mbox.com.au> for freebsd-questions@FreeBSD.ORG; Wed, 7 Aug 2002 08:59:43 +0800 (WST) Received: from mbox.com.au ([127.0.0.1]) by nms2.mbox.com.au (Netscape Messaging Server 4.15) with ESMTP id H0G87O03.3J6 for ; Wed, 07 Aug 2002 09:02:12 +0800 Date: Wed, 07 Aug 2002 11:02:12 +1000 From: BSD Freak Subject: There must be a better way to maintain older systems To: FreeBSD Questions Message-id: MIME-version: 1.0 X-Mailer: Netscape Webmail Content-type: text/plain; charset=us-ascii Content-language: en Content-disposition: inline Content-transfer-encoding: 7BIT X-Accept-Language: en Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi all, I am responsible for maintaining 14 FreeBSD, 1 Windows 2000 and 1 Solaris servers at three sites. While I am certianly no fan of Windows 2000 or the commercial UNIX distributions I have to say they take up a lot less of my time to maintain. For example I can download (binary packages) patches and "Service Packs"/hotfixes to patch bugs and vulnerabilities and then I forget about it. Upgrades of OS happen once every 3-4 years (and usually accomany a hardware upgrade which makes it a bit neater and less risky). With FreeBSD however I find myself upgrading every six months or so when a new version is released. I spend half my time upgrading the 14 production servers (in the middle of the night usually!), then by the time I have gotten around to the last system, I'm usually only a month or so away from the next -RELEASE and I I have to do it all again if I am to keep my systems secure and current. I find myself thinking there *MUST* be a better way. I am quite happy with the stability/features of older versions (ie 4.4-R 4.5-R etc). Surely I don't have go through this upgrade cycle every six months! It would be great to just run a pkg_add which would overwrite any insecure binaries with newer patched ones (and do an actual binary upgrade only when absolutely required - e.g. every 2-3 years). I am even thinking of starting such a project myself. Am I missing something? (i.e. is there a better way?) (If someone tells me to cvsup and do a makeworld on my busy production servers I will scream!) --------------------------------------------------------------------- Never lose a fax again, receive faxes to your personal email account! Visit http://www.mbox.com.au/fax To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message