From owner-freebsd-stable@FreeBSD.ORG Mon May 22 04:07:01 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4270116A445; Mon, 22 May 2006 04:07:01 +0000 (UTC) (envelope-from allbery@ece.cmu.edu) Received: from bache.ece.cmu.edu (BACHE.ECE.CMU.EDU [128.2.129.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6FBEF43D45; Mon, 22 May 2006 04:07:00 +0000 (GMT) (envelope-from allbery@ece.cmu.edu) Received: from [10.9.204.128] (dsl093-061-215.pit1.dsl.speakeasy.net [66.93.61.215]) by bache.ece.cmu.edu (Postfix) with ESMTP id ABE457A; Mon, 22 May 2006 00:06:58 -0400 (EDT) In-Reply-To: <4471361B.5060208@freebsd.org> References: <4471361B.5060208@freebsd.org> Mime-Version: 1.0 (Apple Message framework v750) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <2DB25B04-BCE6-41D2-9D95-03C58A493E2C@ece.cmu.edu> Content-Transfer-Encoding: 7bit From: "Brandon S. Allbery KF8NH" Date: Mon, 22 May 2006 00:06:54 -0400 To: Colin Percival X-Mailer: Apple Mail (2.750) Cc: freebsd security , FreeBSD Stable Subject: Re: FreeBSD Security Survey X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2006 04:07:01 -0000 On May 21, 2006, at 11:55 , Colin Percival wrote: > The Security Team has been concerned for some time by anecdotal > reports > concerning the number of FreeBSD systems which are not being promptly > updated or are running FreeBSD releases which have passed their End of > Life dates and are no longer supported. In order to better understand > which FreeBSD versions are in use, how people are (or aren't) keeping > them updated, and why it seems so many systems are not being > updated, I I have a 6-STABLE box that is not going to be updated to 6.1 any time soon, because my personal mail will have to be offline while I do so --- including nuking and rebuilding all ports because the ports tree has been thrashed by multiple low level updates that affect a large percentage of the tree --- and it's only a 600MHz box so it will be offline for most of a week during that upgrade. And I'm uncertain how downgrading it to 6.0-RELEASE+security patches will complicate things (downgrading via cvsup/buildworld is not a supported option, last I checked). Granted, I probably should have stuck with 6.0-R --- but then, experience has shown me that the more reliable option is to wait a week or two after release and then install -STABLE. In short: keeping FreeBSD up to date tends to be painful at best. -- brandon s. allbery [linux,solaris,freebsd,perl] allbery@kf8nh.com system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu electrical and computer engineering, carnegie mellon university KF8NH