Date: Thu, 18 Apr 2002 14:14:08 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020418134015.D47205-100000@roble.com> In-Reply-To: <bulk.7251.20020418114202@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jon Bergfeld <jbergfel@yahoo.com> wrote: > look, the existing process seems to work fine for everyone else, so if > you want a new way to upgrade, develop it yourself. Actually the existing process does not work fine for everyone, neither Brett, myself, nor many other sysadmins of mission-critical production systems. If you would suppress the dirt-mouthed language and stop shooting the messenger this might be more evident. Different sites have different levels of risk tolerance. CVSup is not the right tool for applying minimal deltas of fully tested code to mission-critical servers. I've migrated several FreeBSD servers to Solaris over the years for exactly this reason. Solaris' patch and package subsystems are considerably better designed (i.e, anal) and the patches are far more thoroughly tested than you'll find in FreeBSD. This is a core difference between much free and commercial software and it doesn't appear likely to change any time soon (especially given the responses to Brett's wholly accurate observations). The development-oriented readers of -security, good as their coding skills are (and they are the best), simply don't have the admin or management experience necessary to understand a risk-analysis with this level of distinction much less the time or inclination to write the necessary code or implement supporting procedures. FreeBSD is the finest OS for many, many applications. It's not, however, the best at minimizing the risk of applying patches. Trying not to be critical, just noting the facts as I see them, -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020418134015.D47205-100000>