> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Theo de Raadt > Sent: Tuesday, September 06, 2005 11:43 AM > To: Stephan A. Rickauer > Cc: misc@openbsd.org > Subject: Re: Lifecycle question > > > The reason why I bother this list is that I am impressed of OpenBSD from > > the technical point of view. I like its consistency and purity. But in > > business environments or comparable organizations where money is an > > issue, one needs to think about system management very carefully, since > > it has a direct impact on money as well. That's why I can't understand > > people can really live with the 6 months lifecycle. > > I don't understand this whole conversation. > > Instead, what those vendors give people is a 5 year patch-every-month > cycle. > > That is completely unsustainable. The pieces we build upon are > advancing too fast. > > I don't buy into that method of operating system componentizatio at > all, that you can just keep patching and patching. It was not true 15 > years ago, 10 years ago, 5 years ago, and I see no proof that it will > be true ever in the future.
"Familiarity breeds content" I'm scared to death just patching OpenBSD, but I just did another successful one recently and my stress levels go down every time. While I have been personally using OpenBSD for years, it was only with version 3.6 that I started using it in production. I'm sure that over time, I'll be less scared. I'm nervous when I update Linux, Windows, Novell, OSX, or OpenBSD. I think what scares me about OpenBSD is that _I_ will make a mistake due to the additional manual steps. Most other systems automate more, and I can falsely assume that people smarter than me have worked through the issues. It is hard to get a feel for the true level of risk without statistics. People can give anecdotal evidence about how a Windows security update blew out their accounting server and required a rebuild. You can get those stories for any OS. I think the lifecycle question will seem less disruptive as I become more familiar. Perhaps we should call the current OpenBSD "Version 3, Service Pack 7". In the Windows world, there are all kinds of software packages that require a recent service pack. Windows 2000 is supported for many years, but not at the original service pack level if you intend to do anything useful with it. Same thing with OSX.
