From owner-freebsd-questions@FreeBSD.ORG Fri Feb 17 15:52:36 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A179D16A420 for ; Fri, 17 Feb 2006 15:52:36 +0000 (GMT) (envelope-from lars@gmx.at) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id CF56D43D45 for ; Fri, 17 Feb 2006 15:52:35 +0000 (GMT) (envelope-from lars@gmx.at) Received: (qmail invoked by alias); 17 Feb 2006 15:52:35 -0000 Received: from 66.86.62.81.cust.bluewin.ch (EHLO [192.168.1.10]) [81.62.86.66] by mail.gmx.net (mp033) with SMTP; 17 Feb 2006 16:52:35 +0100 X-Authenticated: #912863 Message-ID: <43F5F149.1040001@gmx.at> Date: Fri, 17 Feb 2006 16:52:41 +0100 From: lars User-Agent: Thunderbird 1.5 (X11/20060203) MIME-Version: 1.0 To: "Marc G. Fournier" References: <20060216005036.L60635@ganymede.hub.org> <20060216053725.GB15586@parts-unknown.org> <20060216085304.GA52806@storage.mine.nu> <43F4CAA3.1020501@schultznet.ca> <43F4F43D.2090304@gmx.at> <20060216194336.L60635@ganymede.hub.org> In-Reply-To: <20060216194336.L60635@ganymede.hub.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Cc: freebsd-questions@freebsd.org Subject: Re: [Total OT] Trying to improve some numbers ... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2006 15:52:36 -0000 Marc G. Fournier wrote: > On Thu, 16 Feb 2006, lars wrote: > >> If your machine only runs an NFS daemon and is behind a firewall, >> ok, you don't need to patch it asap when an NFS SA and patch is >> issued, if all clients connecting to the machine are benign. > > Actually, there are alot of situations where this sort of thing is > possible ... hell, I could probably get away with running a FreeBSD 3.3 > server since day one, that has all ports closed except for sshd, > imap/pop3/smtp, and be 100% secury ... sshd can be easily upgraded > without a reboot, with the same applying to imap/pop3/smtp if I use a > port instead of what comes with the OS itself ... > > You can say you are losing out on 'stability fixes', else the server > itself wouldn't stay up that long ... so about the only thing you lose > would be performance related improvements and/or stuff like memory > leakage ... > > And I could do this all *without* any firewalls protecting it ... Even if you managed to maintain an old version of a particular OS's uptime for so long, what did you prove? At a time where some OS couldn't even keep it up longer than a day, having a long uptime may have been a 'feature'. IMHO 'uptime' as a 'feature' is overrated, not to say obsolete.