From owner-freebsd-current@FreeBSD.ORG Sat Sep 25 20:35:23 2010
Message-ID: <4C9E5744.5090702@bitfreak.org>
Date: Sat, 25 Sep 2010 13:10:44 -0700
From: Darren Pilgrim
To: "M. Warner Losh"
Cc: ray@ddteam.net, kimelto@gmail.com, demelier.david@gmail.com, dougb@freebsd.org, freebsd-current@freebsd.org, mj@feral.com
Subject: Re: DHCP server in base

M. Warner Losh wrote:
> It would be very convenient to have this particular thing in the
> base, and we shouldn't be too dogmatic about never having any new 3rd
> party things in the base.

Please no, don't add optional servers to the base. I already don't like sendmail, bind, ntpd and inetd in the base. These are *optional* software--not required for the normal operation of the OS. They aren't even enabled by default except sendmail. Adding sendmail_enable="NONE" to /etc/rc.conf is one of the first things I do on all new systems. I only barely tolerate openssl in the base because it's needed for openssh; however, I'd rather both of those be in ports as well.

There's also the issue of updating: It's very annoying to have to update the OS just to fix a BIND or OpenSSL vulnerability and, let's be honest, we'll likely never see the last of those. Rebooting a production server is non-trivial. By-hand partial installworlds on live systems are a disturbing prospect. If it was a port, just update the port. It's far easier justifying updating a port than modifying the OS on a production server. The Ports System makes updating a port so fast and painless I can do many of the non-user-facing ones without an announced downtime. It's trivial installing ports and utterly so installing packages. I'd love to see us use the awesomeness that is the Ports System to manage these things.