From owner-freebsd-stable@FreeBSD.ORG Sat Jun 12 22:09:21 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CCB516A4CE for ; Sat, 12 Jun 2004 22:09:21 +0000 (GMT) Received: from coltrane.babysnakes.org (ns-ilmail3.ns-systems.com [62.90.139.134]) by mx1.FreeBSD.org (Postfix) with SMTP id 76F3F43D46 for ; Sat, 12 Jun 2004 22:09:15 +0000 (GMT) (envelope-from haim@babysnakes.org) Received: (qmail 25234 invoked from network); 12 Jun 2004 22:08:32 -0000 Received: from unknown (HELO parker.babysnakes.org) (192.168.0.5) by coltrane.babysnakes.org with SMTP; 12 Jun 2004 22:08:32 -0000 From: Haim Ashkenazi To: David Wolfskill In-Reply-To: <200406121255.i5CCtIpS009426@bunrab.catwhisker.org> References: <200406121255.i5CCtIpS009426@bunrab.catwhisker.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-s5Phkg/GG/ogI7Uyurgo" Message-Id: <1087078111.18155.2.camel@parker.babysnakes.org> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Sun, 13 Jun 2004 01:08:32 +0300 cc: freebsd-stable@freebsd.org Subject: Re: keeping my freebsd secure... X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jun 2004 22:09:21 -0000 --=-s5Phkg/GG/ogI7Uyurgo Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sat, 2004-06-12 at 15:55, David Wolfskill wrote: > First, there will be *some* downtime. However, it should be a matter of > seconds, not minutes (or more), as it is quite possible to compile a new > port before uninstalling the old one. >=20 > Indeed, "portupgrade" (in the ports) does just that. >=20 > Another way you can help yourself is have another system for doing builds= , > one that does not provide "externally visible" services. You could then > build packages on that system, for installation on your "production" > systems. >=20 > That said, if you really want *no* downtime, you will need to investigate > HA ("high availability") system design, and have multiple (at least 2) > machines providing any given service, with a mechanism for failover. well, I guess I can live with a few seconds of downtime.=20 thanx --=20 Haim --=-s5Phkg/GG/ogI7Uyurgo Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBAy37ehwMtGgRKzT0RAh0yAKCEtNQ92ZpSSxDA4Q3+B9JJdfFnuQCdEZZq ilI6P0gXVxPV/XOq+pwckRU= =98JN -----END PGP SIGNATURE----- --=-s5Phkg/GG/ogI7Uyurgo--