Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Roger Marquis (marquisroble.com)
Date: Thu Apr 18 2002 - 16:14:08 CDT
Jon Bergfeld <jbergfelyahoo.com> wrote:
> look, the existing process seems to work fine for everyone else, so if
> you want a new way to upgrade, develop it yourself.
Actually the existing process does not work fine for everyone,
neither Brett, myself, nor many other sysadmins of mission-critical
production systems. If you would suppress the dirt-mouthed language
and stop shooting the messenger this might be more evident.
Different sites have different levels of risk tolerance. CVSup is
not the right tool for applying minimal deltas of fully tested code
to mission-critical servers. I've migrated several FreeBSD servers
to Solaris over the years for exactly this reason. Solaris' patch
and package subsystems are considerably better designed (i.e, anal)
and the patches are far more thoroughly tested than you'll find in
FreeBSD. This is a core difference between much free and commercial
software and it doesn't appear likely to change any time soon
(especially given the responses to Brett's wholly accurate
The development-oriented readers of -security, good as their coding
skills are (and they are the best), simply don't have the admin or
management experience necessary to understand a risk-analysis with
this level of distinction much less the time or inclination to
write the necessary code or implement supporting procedures.
FreeBSD is the finest OS for many, many applications. It's not,
however, the best at minimizing the risk of applying patches.
Trying not to be critical, just noting the facts as I see them,
-- Roger Marquis Roble Systems Consulting http://www.roble.com/
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message