Date: Thu, 18 Apr 2002 18:21:45 -0700 From: Benjamin Krueger <benjamin@macguire.net> To: Nate Williams <nate@yogotech.com> Cc: Benjamin Krueger <benjamin@macguire.net>, Jeff Palmer <scorpio@drkshdw.org>, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020418182145.G23267@rain.macguire.net> In-Reply-To: <15551.28438.662471.593081@caddis.yogotech.com>; from nate@yogotech.com on Thu, Apr 18, 2002 at 07:12:54PM -0600 References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org> <200204171923.g3HJNga58899@freefall.freebsd.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <012901c1e725$da237e90$0286a8c0@jeffrey> <20020418154338.D23267@rain.macguire.net> <15551.27877.743534.149538@caddis.yogotech.com> <20020418180846.F23267@rain.macguire.net> <15551.28438.662471.593081@caddis.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Nate Williams (nate@yogotech.com) [020418 18:12]: > > > > FreeBSD currently does not enable easy maintainance between critical release > > > > points for large server environments. Using cvsup to maintain source builds > > > > for environments like these ( say 400 servers or more ) is not only > > > > unacceptable without an on staff developer and release engineer, it is > > > > infeasible. > > > > > > > > For those of you who would be quick to note that "Corporations with > > > > 400 servers should be able to afford a developer and release engineer" > > > > please note that 400 NT, Solaris, AIX, or HP-UX servers can be > > > > maintained by a small team of administrators, and do not require these > > > > extra resources. > > > > > > So, for 400 NT, Solaris, AIX, or HP-UX servers you allow a small team, > > > and for FreeBSD you don't even allow a single engineer? Seems kind of a > > > double standard. > > > > > > And as a long-time administrator, I disagree that FreeBSD is more > > > difficult to maintain releases across systems. I've done Ultrix, SunOS, > > > Solaris, FreeBSD, and (ack!) Linux, and I find that FreeBSD is second to > > > Solaris, but barely so. > > > > > > However, Solaris doesn't even provide anything remotely close to what > > > Brett is asking, and they're getting paid alot for the OS than FreeBSD > > > is getting paid. > > > > > > Nate > > > > I think you misunderstood. I meant you don't need release engineers for > > any of the above, only FreeBSD. FreeBSD might be great, but it doesn't admin > > itself yet. ;) Consider 4 sysadmins, and 2 release engineers for FreeBSD, as > > opposed to just 4 sysadmins for NT / Solaris / AIX / HP-UX. > > Call it what you like, but I consider preparing/testing a release for > our configuration part of the 'sysadmin' job. Certainly the IS staff at > my company does hardware/software verification as part of their job, on > *all* platforms (including Win98/NT/Win2K/WinME/XP, along with all of > the *nix variants). > > If it makes you feel better, use the title 'release engineer', but the > staff of 4 people should be more than adequate to do all of the tasks > necessary to support your installations, regardless of whether FreeBSD > is used or not. > > > Nate That is very convenient, but I wouldn't call it realistic. We're talking about more than just verification here. We're talking about building and testing an entire OS from source, and then distributing it among a large number of machines. While I'm sure most sysadmins would like to fancy themselves superpeople (I would!), most of us aren't. ;) The point here is that release engineering is very much a larger task than using release patches. With a large server farm, you are going to have lots of reasons to have folks soley dedicated to just this task. -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020418182145.G23267>