From owner-freebsd-security Thu Apr 18 18:13: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 4F22837B41B for ; Thu, 18 Apr 2002 18:12:59 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id TAA02294; Thu, 18 Apr 2002 19:12:55 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3J1CsQ35858; Thu, 18 Apr 2002 19:12:54 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15551.28438.662471.593081@caddis.yogotech.com> Date: Thu, 18 Apr 2002 19:12:54 -0600 To: Benjamin Krueger Cc: Nate Williams , Jeff Palmer , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip In-Reply-To: <20020418180846.F23267@rain.macguire.net> References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org> <200204171923.g3HJNga58899@freefall.freebsd.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <012901c1e725$da237e90$0286a8c0@jeffrey> <20020418154338.D23267@rain.macguire.net> <15551.27877.743534.149538@caddis.yogotech.com> <20020418180846.F23267@rain.macguire.net> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > > FreeBSD currently does not enable easy maintainance between critical release > > > points for large server environments. Using cvsup to maintain source builds > > > for environments like these ( say 400 servers or more ) is not only > > > unacceptable without an on staff developer and release engineer, it is > > > infeasible. > > > > > > For those of you who would be quick to note that "Corporations with > > > 400 servers should be able to afford a developer and release engineer" > > > please note that 400 NT, Solaris, AIX, or HP-UX servers can be > > > maintained by a small team of administrators, and do not require these > > > extra resources. > > > > So, for 400 NT, Solaris, AIX, or HP-UX servers you allow a small team, > > and for FreeBSD you don't even allow a single engineer? Seems kind of a > > double standard. > > > > And as a long-time administrator, I disagree that FreeBSD is more > > difficult to maintain releases across systems. I've done Ultrix, SunOS, > > Solaris, FreeBSD, and (ack!) Linux, and I find that FreeBSD is second to > > Solaris, but barely so. > > > > However, Solaris doesn't even provide anything remotely close to what > > Brett is asking, and they're getting paid alot for the OS than FreeBSD > > is getting paid. > > > > Nate > > I think you misunderstood. I meant you don't need release engineers for > any of the above, only FreeBSD. FreeBSD might be great, but it doesn't admin > itself yet. ;) Consider 4 sysadmins, and 2 release engineers for FreeBSD, as > opposed to just 4 sysadmins for NT / Solaris / AIX / HP-UX. Call it what you like, but I consider preparing/testing a release for our configuration part of the 'sysadmin' job. Certainly the IS staff at my company does hardware/software verification as part of their job, on *all* platforms (including Win98/NT/Win2K/WinME/XP, along with all of the *nix variants). If it makes you feel better, use the title 'release engineer', but the staff of 4 people should be more than adequate to do all of the tasks necessary to support your installations, regardless of whether FreeBSD is used or not. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message