From owner-freebsd-questions@FreeBSD.ORG Mon Sep 27 06:13:39 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EA5716A4CE for ; Mon, 27 Sep 2004 06:13:39 +0000 (GMT) Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.8.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B33043D54 for ; Mon, 27 Sep 2004 06:13:38 +0000 (GMT) (envelope-from kheuer2@gwdg.de) Received: from gwdu60.gwdg.de (localhost [127.0.0.1]) by gwdu60.gwdg.de (8.12.11/8.12.8) with ESMTP id i8R6Da2d056154; Mon, 27 Sep 2004 08:13:36 +0200 (CEST) (envelope-from kheuer2@gwdg.de) Received: from localhost (kheuer2@localhost)i8R6DaX5056151; Mon, 27 Sep 2004 08:13:36 +0200 (CEST) X-Authentication-Warning: gwdu60.gwdg.de: kheuer2 owned process doing -bs Date: Mon, 27 Sep 2004 08:13:36 +0200 (CEST) From: Konrad Heuer To: bsdfsse In-Reply-To: <4157AB8B.2020007@optonline.net> Message-ID: <20040927080624.E56012@gwdu60.gwdg.de> References: <4157AB8B.2020007@optonline.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "freebsd-questions@FreeBSD.ORG" Subject: Re: Is it safe to run a webserver on 5.x ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Sep 2004 06:13:39 -0000 On Mon, 27 Sep 2004, bsdfsse wrote: > I started running FreeBSD because a friend of mine is going to run a > website on 4.10-STABLE. Someone had told him that 4.x was "safer" to > run than 5.x. > > Recently I had a hardware problems on one of my machines that is forcing > me to run 5.x on it, instead of 4.x. Should I lobby my friend to also > run 5.x ? His webserver will be behind a hardware firewall. > > Its my understanding servers on the web often run the "security > release", which is RELEASE+fixes. That way, no new features in STABLE > introduce more exploitable bugs. Other people run web servers on STABLE > (they must feel confident that nothing new is going to break). > > After reading different places on the web, I haven't been able to draw a > conclusion. Any suggestions? As far as I can tell from my experiences, I'd make no difference between 4.10 and 5.x concerning system security as long as 4.10 will be supported. As long as the current hardware is supported, you'll be on the safe side using 4.10 if high system stability is desired. I run 5.2-CURRENT (build in the mid of August) on a single processor server, and it does well. But I did encounter several problems with 5.x on dual processor hardware, and so I still do not consider to migrate my dual CPU production machines to 5.x. I hope that 5.3-RELEASE will convince me in the month to come. Best regards Konrad Heuer GWDG, Am Fassberg, 37077 Goettingen, Germany, kheuer2@gwdg.de