From owner-freebsd-hackers@FreeBSD.ORG Fri Mar 29 18:32:12 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5717B922 for ; Fri, 29 Mar 2013 18:32:12 +0000 (UTC) (envelope-from toasty@dragondata.com) Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) by mx1.freebsd.org (Postfix) with ESMTP id 24C9A333 for ; Fri, 29 Mar 2013 18:32:12 +0000 (UTC) Received: by mail-ie0-f170.google.com with SMTP id c11so812628ieb.15 for ; Fri, 29 Mar 2013 11:32:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dragondata.com; s=google; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=mWNs4Qcil2qF0SvlEWPuwHZfZk0pc7LEQyLBVo+8Wkk=; b=gp9+vBebFEDE7TUvWmcKBW0WdipxJ7LVSCo4/nXUB5weSuKPaxJUxt653a+z3n+1rm E7QOFdxAm8ZhNaB2GPEqiJqeK8ABPg1ind8llpvX6v1ih8RC5piOIFTQxzPtMqgqU/pV M83lGa/SxjHxR87nA2PrSyaH49NDUkC+HP3Zk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=mWNs4Qcil2qF0SvlEWPuwHZfZk0pc7LEQyLBVo+8Wkk=; b=McNFMTUkYou9xqgc+pmXk9P90EO1hKvxdz5JV6ojcqbFbJyVvLjQmrB0mSxsgT4Eo2 gHpwl4+vb5PehNydjN7x4mTwnJ2ptZQk0wewKaMB6X8MJfzqn1D3rZo3FXglUM/HN/60 cSzIL5PdmZ8MCuKkF1aKNCPrSbm/0ii5wQc3Dfu8sqIUZiAU4bkWDYbOO6ORoOWKyaP5 BLT8gT5U2v3tuj0ENtMxkiCsU3ob+HAMEhZ1eLDPY6NsnYw/YLk+DkaYdzjaVIQp0Kp/ bvC5zmIkL5NZsherQD0MiZHrMUCUMhKJ6HVUeNL547K40+isM4Fn97sYp7hetxlvvfFp uMMA== X-Received: by 10.50.127.132 with SMTP id ng4mr331124igb.32.1364581931821; Fri, 29 Mar 2013 11:32:11 -0700 (PDT) Received: from vpn132.rw1.your.org (vpn132.rw1.your.org. [204.9.51.132]) by mx.google.com with ESMTPS id y5sm602641igg.7.2013.03.29.11.32.10 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 29 Mar 2013 11:32:11 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) Subject: Re: Seeking an extended-support O/S similar to FreeBSD From: Kevin Day In-Reply-To: <20130329180646.GL42080@manor.msen.com> Date: Fri, 29 Mar 2013 13:32:09 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <5659014B-03C2-4FBC-B2F9-4C1B667C2A67@dragondata.com> References: <20130328212955.GJ42080@manor.msen.com> <20130328231043.GA3666@ethic.thought.org> <20130329180646.GL42080@manor.msen.com> To: Michael Wayne X-Mailer: Apple Mail (2.1503) X-Gm-Message-State: ALoCoQkPKrjgn2RaEypvYptxeSUfolTvkJ/GxD6Rkpv5rD+u2SpEdR2FaJpvfVniHbwWHGbowoKt Cc: FreeBSD Hackers X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2013 18:32:12 -0000 On Mar 29, 2013, at 1:06 PM, Michael Wayne = wrote: > On Thu, Mar 28, 2013 at 07:31:50PM -0700, Freddie Cash wrote: >>=20 >> Every other minor release of FreeBSD is supported for 2 full years, = with no >> new features added, just security fixes (aka Extended Releases). >>=20 >> And every major release of FreeBSD is supported for at least 4, = somtimes 5, >> years. >=20 > That's exactly the issue. After 4-5 years, there's nothing. >=20 >> FreeBSD isn't perfect (what OS is?), but it's amazing that you can = install >> the newest versions of MySQL, Firefox, KDE, Postfix, etc on 7.4 = (until the >> end of Feb, anyway), or 8.3, or 9.0, or 9.1. And can continue to get >> security fixes for all those releases (except 7.x now). >=20 > That's no help at all to a bunch of machines that started life on > 4.1 back in 2000 and will continue to run another 10-15 years, is > it? What's your suggestion for dealing with that? It's not like > anything currently supported is gonna fit on those machines without > a rediculous amount of effort. >=20 >> What's missing from FreeBSD support? >=20 > Having one release supported for an extended time. It would be > insane to consider maintaining every release for an extended period > but ONE release, supported for an extended period (decades) would > really help. We're far enough down the security path that there > are not that many security vulnerabilities in base. Ports generally > build just fine on older versions. =20 We have servers that are currently in production use that we purchased = in 2002. They're fully capable of running 9.1-RELEASE, so we keep them = updated regularly. FreeBSD 2.x through 9.1 are installable off a single = CD - disk space requirements have not increased in any substantial way. = Later kernels tend to have more things in modules, so memory usage may = be lower just with a GENERIC kernel.=20 Compatibility also isn't really an issue - this isn't like Windows where = upgrading from Windows XP to Windows 8 is going to leave you with a = bunch of applications that don't work and missing drivers for half your = stuff. In most cases support is additive, and backwards compatible.=20 It's very rare for a new version to pull support for hardware that's = even slightly commonly used. The only reason things get pulled are that = usually there's nobody with hardware anymore to even test it, so trying = to maintain compatibility even on an ancient version of FreeBSD is hard = because the ability to verify they haven't broken it is gone. You also need to consider power cost v.s. replacing hardware, too. A = server that was a beast in 2000 is likely slower than a modern day Atom = box, and likely uses 10-30x the power. We obsolete (and donate) old = equipment once replacing it pays for itself in 6 months. All of our = pre-2002 servers are gone now due to this, and we'll probably be in the = 2005 range by the end of the year. And keep in mind that there have been many vulnerabilities in the base = system, mostly local but some remote. Just pushing a patch out to = FreeBSD 4.1 is going to be a big undertaking because, again, it = supported some obscure stuff that got removed because there are no = developers who even have that hardware anymore. (ISDN for example) Asking for "decades" of support is rare for any software product, unless = you're talking about enterprise levels of support that basically pay for = a few people's salaries to be dedicated on it. To use Microsoft as an = example, Windows Server 2003 was released in 2003, and standard = support/updates ended in 2010. That's *paid* support that lasts 7 years. = You can pay even more gobs of money to get another 5 years of *support* = but no updates out of them. If you want security updates to Windows = Server 2003 beyond 2010, you installed Server 2008, which is supported = until 2015. Their basic policy is they support things for a minimum of 5 = years, or 2 years after the next version comes out, whichever is longer.=20= Rather than saying you want a 20-30 year commitment on one specific = version, can you go into more detail why updating isn't possible for = you? freebsd-update has made updating about as painless as I can = imagine it being. Especially if you want to live a little dangerously = and skip the last step that removes the old libraries - you don't need = to recompile anything if you really can't. If you're operating things = that are extremely risk averse where any change needs substantial = validation before putting it into production, you're probably better off = with a commercial OS that splits out individual changes instead of = rolling releases like FreeBSD. We walk a lot of our customers through keeping their systems updated, so = I'm always curious to hear why it's unpalatable for some reason. -- Kevin