Martin Waschbüsch wrote:
> On 23.06.2017 at 23:53, Michelle Sullivan <[email protected]> wrote:
>
>> Matt Smith wrote:
>>> I use FreeBSD *precisely* because it mostly keeps up with the latest stable 
>>> versions of things. I have postfix 3.2, pgsql 9.6, nginx 1.13, libressl 2.5 
>>> etc. It's usually impossible to do this with linux unless you install things 
>>> directly from source.
>> And me I came to FreeBSD because it was security conscious but not latest and 
>> greatest or nothing... well not strictly true, P Vixie forced me into trying 
>> it.. but I changed from Linux to FreeBSD across my entire product because of 
>> stability... which doesn't exist in the same way now (and hasn't since 
>> 2013ish)..
> FWIW, personally, I never perceived statements about FreeBSD's stability to 
> extend beyond the scope of the (complete) OS itself.

Therein lies a problem.. Something happened, now the OS is not as stable, as for an 'installed the CD how long before a reboot' is it, but how often do we *have* to upgrade because of a security issue.. seems like every 5 minutes now... ports (some of them) do form part of the OS... if the ports tree stops working on older versions of the OS then you *have* to upgrade.

> I always regarded ports very much as a convenience. pkg even more so.

I don't consider pkg at all.  Ports are partly.


>>> I upgrade my ports/packages via poudriere every single day which mostly just 
>>> takes 2 minutes of my time as usually that results in maybe one or two packages 
>>> being updated at a time. I see this as a positive thing rather than doing one 
>>> massive huge upgrade every 3 months.
>> Currently have 87 servers located across 7 continents, all in production 
>> processing incoming spam at the millions per day, and serving DNS requests at a 
>> rate of over 70,000 queries per second (averaged over a week)... you can't just 
>> f**k with that.  Patches have to be evaluated, tested, built and regression 
>> tested....
>
> My personal conclusion is that if I need to ensure that issues (especially 
> security fixes) are dealt with in a timely manner then I have to do the 
> patching, testing, evaluating, etc. myself.

Mostly agreed... depends on your definition of 'do the patching yourself'.. if you mean taking patches applying them yourself, then yes 100% agree, if you mean developing the patch yourself in whole or in part... no.

> After all, even if all that was thoroughly done by upstream, port maintainer, 
> etc., who’s to say my specific setup and config won’t bring issues to light 
> their testing didn’t?

100% with you.



--
Michelle Sullivan
http://www.mhix.org/

_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
