From owner-freebsd-stable@FreeBSD.ORG Mon Jun 30 10:26:09 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D6D211065676 for ; Mon, 30 Jun 2008 10:26:09 +0000 (UTC) (envelope-from kris@FreeBSD.org) Received: from weak.local (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D391F8FC13; Mon, 30 Jun 2008 10:26:08 +0000 (UTC) (envelope-from kris@FreeBSD.org) Message-ID: <4868B4BD.9030002@FreeBSD.org> Date: Mon, 30 Jun 2008 12:26:05 +0200 From: Kris Kennaway User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421) MIME-Version: 1.0 To: Andy Kosela References: <3cc535c80806290345s2d7ec96bse2587642bcaf5086@mail.gmail.com> In-Reply-To: <3cc535c80806290345s2d7ec96bse2587642bcaf5086@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: tracking -stable in the enterprise X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2008 10:26:09 -0000 Andy Kosela wrote: > On Jun 25, 2008, at 3:46 AM, Peter Wemm wrote: >> I think we still have FreeBSD-3.x machines in production. I know we >> have FreeBSD-4.3. 99.9% of security issues don't affect us. We have >> our own package system built on top of FreeBSD's pkg_add format and >> have the ability to push packages to machines. If circumstances >> warrant it, we can push a fix for something. It'll either push a new >> binary or be a source patch that is compiled directly on the machines >> in question. The machines run a custom software stack. More often >> we push fixes for driver or performance fixes or things like timezone >> updates. > > Ports infrastructure do not support such old FreeBSD versions, so how > do you deal with that? Do you maintain your own CVS branches of > selected packages and backports necessary security patches? I guess it > demands considerable effort to compile the latest apache on FreeBSD > 3.x or 4.x. > It would be easy to maintain 4.x compatibility in Yahoo's package system. They probably only need a relatively small number of ports, and there is no need to stay in sync with changes to the ports infrastructure. Those changes are almost all completely gratuitous from the point of view of deploying packages within a site since they are changes to the *ports* infrastructure. The FreeBSD *package* infrastructure has changed almost not at all over time (but yahoo have their own package system anyway). To the extent that the vendor applications still support old versions, the model would be the same: vendor source + patches --> binary. You can do that with a system based on the ports collection from last century if you like :) I would guess that Yahoo actually forked the ports system long ago (in the 2.x days?) or never used it directly, and either port their changes directly or by taking patches from freebsd ports. Kris