From: Roger Vetterberg
Date: Thu, 20 May 2010 16:28:20 +0200
To: Dan Naumov
Cc: freebsd-questions@freebsd.org
Subject: Re: How long do you go without upgrading FreeBSD to a newer release?
Message-ID: <4BF54704.20909@vetterberg.com>

On 2010-05-16 17:42, Dan Naumov wrote:
> Hello folks
> [snip]
>
> Do you live by the "If it's not broken, don't fix it" mantra or do you
> religiously keep your OS installations up to date?
>
>
> - Sincerely,
> Dan Naumov

Depends on the installation requirements.

I know of two 2.2.8 installations on PII hardware still running like champs, not a glitch in god knows how many years of 24/7 operation. None of them are exposed externally so there are no security considerations.
The customers that run them are still more than happy with their servers so I'm actually a bit curious to see how long they will keep them running.

I have a few other servers that are highly exposed. My mantra there is to run _verified_ software. Not necessarily the latest, but software that has no known bugs and has been well tested. To religiously update every time there is a new version and blame it on security is stupid. How do you know that a brand new version of a software does not contain a big gaping security hole unless it has been tested in the wild yet?

-- R