Date:      Fri, 13 Apr 2001 08:42:20 -0700 (PDT)
From:      Roger Marquis <marquis@roble.com>
To:        security@FreeBSD.ORG
Subject:   Re: Security Announcements & Incremental Patches
Message-ID:  <Pine.BSF.4.21.0104130842080.81645-100000@roble.com>

> > Production systems administration has to be conservative.  A good systems
> > administrator would *NEVER* run cvsup or -STABLE on a revenue
> > generating production server for example.  Change deltas must be
> > kept to a minimum to minimize the risk of downtime or application
> > problems.
> 
> But below you seem to have an inordinate fondness for the Solaris patch
> mechanism, which is the same thing, but in binary form.  So what's the
> difference?  Just your lack of understanding?

What isn't incremental about Solaris patches?  Even the patch
clusters are broken down by individual patch.  They're also released
with lengthy readme files allowing an admin to pick and choose.
The differences are substantial (to experienced admins at least).
Another difference between Solaris and FreeBSD patches is the level
of QA.  Even among the FreeBSD security patches published in the
last few months many (most?) have had incorrect path names.

> The usual method of handling this in a production environment is to 
> have a "build box"

This is a good practice if you're doing a FreeBSD cvsup or using
-STABLE.  It would be overkill on a Solaris system.  

> you've tested the build, you install it on your production machines as
> operations allow.

Nice that you have the time to go through all that trouble just to
apply a minor patch.  Most production environments, in my experience,
do not.  When your systems are in various remote datacenters such
a model would be entirely unworkable.  You have to do this for
major upgrades of course, but an OS shouldn't force you through
this hoop more often than every 18 to 24 months.

> Bullshit.  B U L L S H I T.  The "market share" of Linux and FreeBSD are
> unknown and unknowable, so whatever you think they are is probably just
> as WRONG as what Linus and JKH think they are

Your agenda is showing, Wes.  The market share of various production
systems is pretty obvious to those who spend any amount of time in
Silicon Valley datacenters.

> and to lump this stupid-ass
> misunderstanding of what -stable is as the sole reason Linux has more
> users than FreeBSD is so far beyond naive to be an out-and-out lie.  You,
> sir, are a scoundrel.

I think people understand what -STABLE is, it's normally called
beta.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


