From owner-freebsd-questions@FreeBSD.ORG  Thu May 20 14:28:31 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4FEB61065670
	for <freebsd-questions@freebsd.org>;
	Thu, 20 May 2010 14:28:31 +0000 (UTC)
	(envelope-from roger@vetterberg.com)
Received: from mailscan.gavlenet.com (unknown [IPv6:2001:b48::25])
	by mx1.freebsd.org (Postfix) with ESMTP id D46C98FC22
	for <freebsd-questions@freebsd.org>;
	Thu, 20 May 2010 14:28:30 +0000 (UTC)
Received: from [192.168.1.222] (unknown [213.141.83.3])
	by mailscan.gavlenet.com (Postfix) with ESMTP id 8AA8FE7E044;
	Thu, 20 May 2010 16:28:22 +0200 (CEST)
Message-ID: <4BF54704.20909@vetterberg.com>
Date: Thu, 20 May 2010 16:28:20 +0200
From: Roger Vetterberg <roger@vetterberg.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US;
	rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Dan Naumov <dan.naumov@gmail.com>
References: <AANLkTilslPj7GtFD_tbliyvm7_18qeJOYqDMEca_70fa@mail.gmail.com>
In-Reply-To: <AANLkTilslPj7GtFD_tbliyvm7_18qeJOYqDMEca_70fa@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Gavlenet-MailScanner-ID: 8AA8FE7E044.A96F7
X-Gavlenet-MailScanner: Found to be clean
X-Gavlenet-MailScanner-From: roger@vetterberg.com
X-Spam-Status: No
Cc: freebsd-questions@freebsd.org
Subject: Re: How long do you go without upgrading FreeBSD to a newer release?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2010 14:28:31 -0000

On 2010-05-16 17:42, Dan Naumov wrote:
> Hello folks
>
[snip]
>
> Do you liva by the "If it's not broken, don't fix it" mantra or do you
> religiously keep your OS installations up to date?
>
>
> - Sincerely,
> Dan Naumov

Depends on the installation requirements.

I know of two 2.2.8 installations on PII hardware still running like 
champs, not a glitch in god knows how many years of 24/7 operation. None 
of them are exposed externally so there are no security considerations. 
The customers that runs them are still more then happy with their 
servers so I'm actually a bit curious to see how long they will keep 
them running.

I have a few other servers that are highly exposed. My mantra there is 
to run _verified_ software. Not necessarily the latest, but software 
that has no known bugs and has been well tested.
To religiously update everytime there is a new version and blame it on 
security is stupid. How do you know that a brand new version of a 
software does not contain a big gaping security hole unless it has been 
tested in the wild yet?

--
R