From owner-freebsd-questions@FreeBSD.ORG Thu May 20 16:40:25 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 60C411065673 for ; Thu, 20 May 2010 16:40:25 +0000 (UTC) (envelope-from m.e.sanliturk@gmail.com) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id DB3FB8FC22 for ; Thu, 20 May 2010 16:40:24 +0000 (UTC) Received: by fxm4 with SMTP id 4so23830fxm.13 for ; Thu, 20 May 2010 09:40:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=itHA/r7m+ebOUh+bGG5TgIrgfxqW59780Q/oD/Ur+9A=; b=lCTZUJEWV8ekcYxc3qWSertbqqfP0vNO+9bO6sZh4vBndp58UUikxH5t3yqZ5wpdor rPEjrdYWyJUPrxiclHqoOAlIxg2Qwjhrjxx/OvfW5yYIU5IoAtD2ZIE3cJW36suFkQpy NndUfj/PQw4Mi6eXId3JBBsW8vqeQy0tLx/Rk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=TzjrznDuXPKT5E5qNsiTuRW8vGi1vfe0dwgZAngF5L0/Kfb1IClIh+XGLqF++4HNXV uEHfCkFeXtKeFF1xXZeYyBWtmpwof3N87LM0/ecS9leyPDYWAT41b/RiZ3iaLexX153o +nhZ3KyJa1U5RJUzZRqi+qm6IQJq7096FlXxs= MIME-Version: 1.0 Received: by 10.239.181.73 with SMTP id l9mr31306hbg.139.1274373623601; Thu, 20 May 2010 09:40:23 -0700 (PDT) Received: by 10.239.132.194 with HTTP; Thu, 20 May 2010 09:40:23 -0700 (PDT) In-Reply-To: <4BF54704.20909@vetterberg.com> References: <4BF54704.20909@vetterberg.com> Date: Thu, 20 May 2010 12:40:23 -0400 Message-ID: From: Mehmet Erol Sanliturk To: Roger Vetterberg Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Dan Naumov , freebsd-questions@freebsd.org Subject: Re: How long do you go without upgrading FreeBSD to a newer release? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 May 2010 16:40:25 -0000 On Thu, May 20, 2010 at 10:28 AM, Roger Vetterberg wrote: > On 2010-05-16 17:42, Dan Naumov wrote: > >> Hello folks >> >> [snip] > >> >> Do you liva by the "If it's not broken, don't fix it" mantra or do you >> religiously keep your OS installations up to date? >> >> >> - Sincerely, >> Dan Naumov >> > > Depends on the installation requirements. > > I know of two 2.2.8 installations on PII hardware still running like > champs, not a glitch in god knows how many years of 24/7 operation. None of > them are exposed externally so there are no security considerations. The > customers that runs them are still more then happy with their servers so I'm > actually a bit curious to see how long they will keep them running. > > I have a few other servers that are highly exposed. My mantra there is to > run _verified_ software. Not necessarily the latest, but software that has > no known bugs and has been well tested. > To religiously update everytime there is a new version and blame it on > security is stupid. How do you know that a brand new version of a software > does not contain a big gaping security hole unless it has been tested in the > wild yet? > > -- > > R > More than two years I am studying FreeBSD and some Linux distributions , mostly I am using Mandriva Linux ( attaching USB sticks mounts them automatically , and burning CD/DVD is very easy . No one of them require mount . ) . After very desperate experiences ( loss of collection of large amounts of downloaded documents and other files after upgrading the operating system either by automatic update , or approved update of installed components ) I have learned that upgrading an actively used operating system ( including Windows ) is plainly wrong . Now I am NOT upgrading any more any one ( I have turned Off automatic updates , and I am ignoring notices about availability upgrades ) . The best policy seems to be one of the following : (i) install onto a new computer , test it , and if it is working very well transfer data onto new system , and keep old system for a new release/update cycle . This step is most suitable for production systems exposed to outer world . (ii) attach a new hard disk to the computer , copy all of the present files to the new system , update it , test it , if it is successful , use previous hard disk for a new release/update cycle , (iii) back-up all of the data , and try update . Testing suitability may take a long time . In steps (ii) and (iii) , do not load new data during tests , because at the end , all of them may be destroyed . ( No one of the above steps are suitable for a proprietary , activation based operating system because they are not allowing so many computer and/or hard disk changes . ) Therefore , the problem is a "system analysis and design" process . Thank you very much . Mehmet Erol Sanliturk