Date: Sun, 17 May 2020 00:25:27 -0600 From: "@lbutlr" <kremels@kreme.com> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life Message-ID: <CAB45262-B12E-4C6C-9560-5DEE90628C60@kreme.com> In-Reply-To: <12062767-7DF1-45FE-A464-C864F03CBDCF@thehowies.com> References: <20200217231452.717FA1E820@freefall.freebsd.org> <CAFYkXjmZi1-MB6W0HsMx9gHek7Xg5heoSKKWkNTnw74dxRTwAw@mail.gmail.com> <85E7C97E-EF8B-4FC7-8EF1-758B7BCBAE90@kreme.com> <05112EEC-7FA3-4E18-974B-263A58058E01@kicp.uchicago.edu> <332714B8-2798-42CF-A082-9EDA180CC65B@kreme.com> <20200516201923.8676289a.freebsd@edvax.de> <257EF587-92B5-4671-B6F4-89E86CC2ACA0@kreme.com> <12062767-7DF1-45FE-A464-C864F03CBDCF@thehowies.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 16 May 2020, at 13:12, John Howie <john@thehowies.com> wrote: > Respectfully, the views presented are not in line with desired state. It is in line with reality. > We *should* be able to install s/w and forget it until the hardware = eventually fails. If the software is hardened and unmodifiable and there is no possible = way for it be exploited, sure. But that is pretty much a fantasy for any = complicated software like an OS. > We are building a house of cards with tiered dependencies and upgrades = are often fatal, resulting in prolonged outages. This leads = administrators to just leave systems be. That represents significant = risk. >=20 > We need to build better software, and that starts with simplicity. We = need to stop putting everything, including the kitchen sink, into = releases. We need to focus on code quality. Where we absolutely must = update a system we should, by now, be able to hot patch it. The fact = that as an industry we cannot is scandalous. We need to support = distributions for many, many years.=20 Software needs to balance between doing what is needed (which means. = Keeping up with new technology, new use cases, new media types, etc) and = being stable and secure. If you insist that every thing be perfect from the start, you have = nothing. Because perfect is the enemy of good. > These are not FreeBSD-specific issues, but these are golden = opportunities for FreeBSD to stand out from the crowd by releasing = minimalist distributions, with high-quality software that is supported = for many years, and includes the ability to hot patch vulnerable code. You make something that has so far proved to be basically impossible = sound super simple. If the software can be =E2=80=98hot fixed=E2=80=99 = then the software can be modified. If it can be modified, then it must = be secure. If it must be secure, you need to be able to fix bugs in the = security and fix new-found exploits and move to newer security models. There is a reason we no longer use SSL, and that is a good thing. --=20 'Yeah, well, I didn't sign up for world domination,' said Medium Dave. 'That sort of thing gets you into trouble.' =E2=80=94Hogfath= er
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAB45262-B12E-4C6C-9560-5DEE90628C60>