From owner-freebsd-stable@FreeBSD.ORG  Tue May 23 14:39:40 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C68B516A6CC
	for <freebsd-stable@freebsd.org>; Tue, 23 May 2006 14:39:40 +0000 (UTC)
	(envelope-from vivek@khera.org)
Received: from yertle.kcilink.com (yertle.kcilink.com [65.205.34.180])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9559343D46
	for <freebsd-stable@freebsd.org>; Tue, 23 May 2006 14:39:39 +0000 (GMT)
	(envelope-from vivek@khera.org)
Received: from [192.168.7.103] (host-103.int.kcilink.com [192.168.7.103])
	by yertle.kcilink.com (Postfix) with ESMTP id 7861AB826
	for <freebsd-stable@freebsd.org>; Tue, 23 May 2006 10:39:38 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v750)
In-Reply-To: <20060521231657.O6063@abigail.angeltread.org>
References: <4471361B.5060208@freebsd.org>
	<20060521231657.O6063@abigail.angeltread.org>
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-1-436769299;
	protocol="application/pkcs7-signature"
Message-Id: <174B87B3-AD67-48C8-B44F-90F0BC8093C3@khera.org>
From: Vivek Khera <vivek@khera.org>
Date: Tue, 23 May 2006 10:39:37 -0400
To: FreeBSD Stable <freebsd-stable@freebsd.org>
X-Mailer: Apple Mail (2.750)
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: FreeBSD Security Survey
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2006 14:39:41 -0000


--Apple-Mail-1-436769299
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed


On May 22, 2006, at 12:38 AM, Brent Casavant wrote:

> So, in short, that's why *I* rarely update ports for security reasons.

Another valid reason is configuration management.  We run web  
services, and in order to ensure nothing breaks, we have to use a  
fixed set of code.  Upgrading any piece of that requires many steps,  
including verifying functionality and checking for regressions, etc.   
Basically we have to run our full regression tests on any changes,  
then roll them out in a controlled fashion minimizing down time.


--Apple-Mail-1-436769299--