On Sep 5, 2013, at 12:08 PM, Mark Tinka <mark.ti...@seacom.mu> wrote:
> On Thursday, September 05, 2013 04:55:31 PM Jim Pingle
> wrote:
>
>> I'm not opposed to auto-update if it's done securely and
>> opt-in. Especially if you can schedule the time it takes
>> place (e.g. specific day, specific time frame).
>
> The problem with updating router/switch software, as you
> know, is that you can't guarantee that what was working
> before won't be broken after the update. In addition to the
> downtime (large routers and switches can take several,
> several minutes to boot), a lot of service providers won't
> update for this reason.

Wait, wait. Show me, again, where pfSense is used in a non-trivial service
provider environment in a position where it actually routes traffic.
And show me again where auto-update was *required*, rather than an option?

> That said, the vendors tend to issue workarounds that don't
> require software updates, and as such, reboots. This is not
> always the case, and in some scenarios, a software update is
> your only option.
>
> Vendors have attempted in-service updates (ISSU and friends), but this is
> not very practical as of now, and tends to work less often than not.

It’s all doable. (It’s just software.) But it’s decidedly non-trivial.

> Monitoring your infrastructure with simple tools like RANCID is an effective
> and quick way to know what has changed on
> your network, so you can investigate any potential breaches.
>
> Unlike laptops and desktops, the latest software for routers
> and switches isn't always the greatest :-).

If by “isn’t always” you mean “occasionally isn’t”, fine. If you mean “often
isn’t”, then I fundamentally disagree.

jim
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list