From: Joe Kelsey
To: Ladislav Bodnar
Cc: stable@freebsd.org
Subject: Re: keeping my freebsd secure... THANX
Date: Sun, 13 Jun 2004 21:27:44 -0700
List-Id: Production branch of FreeBSD source code

On Sun, 2004-06-13 at 20:31, Ladislav Bodnar wrote:
> On Monday 14 June 2004 07:51, Haim Ashkenazi wrote:
> > what you're saying is very disturbing... I only moved to FreeBSD
> > because debian stable releases a new version once in a long time
> > (more
>
> I am in the same situation as you. But I am wondering - what happens if
> you just run the installation program from within an existing
> installation and update the binary packages to the latest release (say,
> your server is running 4.9, but you want to upgrade to 4.10). Is this a
> good way of going about upgrading, or am I just completely off my
> rocko?

FreeBSD works correctly from SOURCE every single time.

> (I know this doesn't address the issue of security fixes, but at least
> you could get your PHP up to a newer version).
>
> In all honesty, I don't feel confident about upgrading an entire system
> by compiling from sources. Maybe it's because I've been bitten by
> upgrade problems on Gentoo, but also because, from whatever little
> experience I have with FreeBSD, compiling from sources can fail on
> FreeBSD too. My logic dictates that the binary packages provided with a
> RELEASE are well-tested, so that everything works together nicely. Why
> bother with compiling?

I compile and install from source on a regular basis. I have never
installed a binary package except for my first installation from CD-ROM
of a 4.0 system, immediately cvsup'd into a -STABLE release compiled
from source.

I worked for a local ISP with over 500 FreeBSD servers, all done from
source. We compiled test machines to generate our own custom system
images and then installed on all machines in groups. The problem there
comes from keeping the old machines current enough to still work in
spite of various security problems. That was a real problem for the old
3.2 machines, but still we were installing 4.5 FreeBSD images while 4.8
was in the release process. When you have a large enough number of
machines to keep up, you cannot possibly keep all of them up-to-date.

My logic dictates that you have to compile and test your own
distributions based on some -RELEASE. Running GENERIC kernels is a loser
strategy, so you will have to compile something to get working.

/Joe

> Anybody cares to comment?