From: "@lbutlr"
Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life
Date: Sun, 17 May 2020 00:25:27 -0600
To: FreeBSD

On 16 May 2020, at 13:12, John Howie wrote:

> Respectfully, the views presented are not in line with desired state.

It is in line with reality.

> We *should* be able to install s/w and forget it until the hardware eventually fails.

If the software is hardened and unmodifiable and there is no possible way for it to be exploited, sure. But that is pretty much a fantasy for any complicated software like an OS.

> We are building a house of cards with tiered dependencies and upgrades are often fatal, resulting in prolonged outages. This leads administrators to just leave systems be. That represents significant risk.
>
> We need to build better software, and that starts with simplicity. We need to stop putting everything, including the kitchen sink, into releases. We need to focus on code quality. Where we absolutely must update a system we should, by now, be able to hot patch it. The fact that as an industry we cannot is scandalous. We need to support distributions for many, many years.

Software needs to balance between doing what is needed (which means keeping up with new technology, new use cases, new media types, etc.) and being stable and secure.

If you insist that everything be perfect from the start, you have nothing. Because perfect is the enemy of good.

> These are not FreeBSD-specific issues, but these are golden opportunities for FreeBSD to stand out from the crowd by releasing minimalist distributions, with high-quality software that is supported for many years, and includes the ability to hot patch vulnerable code.

You make something that has so far proved to be basically impossible sound super simple. If the software can be ‘hot fixed’ then the software can be modified. If it can be modified, then it must be secure. If it must be secure, you need to be able to fix bugs in the security and fix new-found exploits and move to newer security models.

There is a reason we no longer use SSL, and that is a good thing.

-- 
'Yeah, well, I didn't sign up for world domination,' said Medium Dave. 'That sort of thing gets you into trouble.' —Hogfather