Marwan Burelle wrote:
On Tue, Dec 20, 2005 at 02:18:13PM +0400, rihad wrote:

A very interesting script for its own purpose, but I'm afraid this doesn't answer my question at all. Perhaps seeing the way that e.g. Debian deals with the upgrade problem might shed some light on the issue. Hell, FreeBSD does exactly that for the base world+kernel, too! Not for the ports, though.


The "debian way" is to have a frozen tree and restrained updates, this
induces at least a two level maintaining, one that follows
"on-the-edge" updates and the other that only follows security
updates. The problem is that most applications don't work like that,
they don't maintain two branches, and thus you need (or the maintainer
of the ports needs) to maintain a bunch of security patches for that
app that doesn't have any dependence links (or at least only to other
security updates ...)

This is a lot of work, and IMHO that's why debian stable is so often
outdated (and sometimes completely obsolete.) This also raises
questions like "when should we move to the next/last release?",
"Is that patch-set too important?" ...

My own experience shows me that most of the time when you only need
security updates, that means that your box is "specialized" in some
way with a small set of installed ports and thus every update in the
tree for those ports is relevant. Otherwise, you may want to have up
to date ports because it's providing you with shiny new features ;)


I think Debian does an excellent job of taking the common load off of the shoulders of its users by providing security package updates with no changes in functionality wherever possible. Change in software functionality, configs, dependencies etc. almost always hurts, that's what Debian are trying to save its users from. Imagine: Foo 1.2.3 that was current at the time of FreeBSD 6.0 release gets a severe vuln after some time. Some admins upgrade to the latest and greatest Foo 1.2.9, others to Foo 1.2.7 (probably with not recently updated ports tree)... Still with me? Factoring this security upgrade path in the OS so that all users get the same fix and functionality is a very hard thing to do and maintain, I'd guess.

FreeBSD's "latest and greatest" attitude is very relevant for desktop users and such. I think it would be even better to make security-conscious server admins' lives even better. Put up a box, forget about it, do a major upgrade in a year. Oversimplifying here...
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable