From owner-freebsd-questions@FreeBSD.ORG Mon Jul 18 19:35:21 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9564F16A41C for ; Mon, 18 Jul 2005 19:35:21 +0000 (GMT) (envelope-from xfb52@dial.pipex.com) Received: from smtp-out1.blueyonder.co.uk (smtp-out1.blueyonder.co.uk [195.188.213.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F55243D53 for ; Mon, 18 Jul 2005 19:35:20 +0000 (GMT) (envelope-from xfb52@dial.pipex.com) Received: from [82.41.37.55] ([82.41.37.55]) by smtp-out1.blueyonder.co.uk with Microsoft SMTPSVC(5.0.2195.6713); Mon, 18 Jul 2005 20:36:03 +0100 Message-ID: <42DC0476.5090304@dial.pipex.com> Date: Mon, 18 Jul 2005 20:35:18 +0100 From: Alex Zbyslaw User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.8) Gecko/20050530 X-Accept-Language: en, en-us, pl MIME-Version: 1.0 To: Matt Juszczak References: <20050718142533.Y74755@neptune.atopia.net> In-Reply-To: <20050718142533.Y74755@neptune.atopia.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 18 Jul 2005 19:36:03.0724 (UTC) FILETIME=[EF2ECCC0:01C58BCF] Cc: freebsd-questions@freebsd.org Subject: Re: Billing Server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2005 19:35:21 -0000 Matt Juszczak wrote: > We're setting up a billing server on a Xeon 3.06 ghz with IDE drives > (but it doesn't need to be amazingly fast). > > The billing system we're using supports freebsd 4.11 natively with 5.x > support. > > I need this machine to be tight, and although it will have a public > IP, pf will be installed to keep SSH access to our network only as > well as the web interface of the billing system. > > I'm wondering whether to install 4.11 on this machine or go with 5.4. > I need something stable, rock solid, and secure, and I know 5.4 is > this also, but it is updated more often than 4.11. > If you are sure that all the necessary hardware is supported under 4.11, and you're not going to want the server to do anything new in the future, then I'd stick with 4.11 since your app might like it better. Security patches should keep coming for some time (2007?). You say 5.4 is updated more than 4.11. I do not think that is particularly true if you track -RELENG_5_4 (vs -RELENG_4_11) as opposed to tracking, say -STABLE. For a locked down server, not even all security updates will need immediate action. You can always hedge your bets and (if your disk is big enough) leave a bunch of free space in a slice that you can later use to update to 5.X if you need to. That will also leave 4.11 around if you change your mind. I did it this way and it was relatively painless. --Alex