Re: Updated ports/packages in -stable/-release

Thu, 03 Jan 2008 12:00:32 -0800 

Hello Nick,
That may be what you do, but you are generally wrong if that is your goal. 

The goal is that the BEST version of OpenBSD is -current.
This goal is usually met.

At home, I use -current version for 6 months.

However, I'm in my society, and I must set up 10 development machines, 
and I would like to install OpenBSD on these machines.


You recommend me to install OpenBSD -current on these machines?


My actual boss want a **secure** system, and he believed that a Debian 
Linux is better than a OpenBSD. I believe it's not true. I use and I 
love OpenBSD.

Again, the most robust, best supported, most secure version of OpenBSD
is -current.

What's the interest of -stable if -current is better?

and in a few days, it will probably be 2.0.0.11.  Don't fool yourself
into thinking that running the newest version means you are "secure".  In
that case in particular, it just means you are running a version where
they reacted to a few more bugs.  "Better than IE" is the Mozilla goal,
not "good".  If you are doing things that expose yourself to Firefox
vulnerabilities, you probably aren't going to save yourself by running
the "lease insecure" version on a secure OS.

I don't think that firefox 2.0.0.11 is very secured. I think that 
2.0.0.11 is better secured than 2.0.0.6 :-)

Let's say you plan on implementing a new machine today.  Install 
-current.

Really.  In May, upgrade to the 4.3, and sit there for six months.  In

November, upgrade to 4.4.  IF you are using some third party apps 
which have
"issues" mid-cycle, bump to a snapshot, and update the packages.  If a 
system
bug is found that impacts you, bump to -stable.  The -release/-stable 
spots

are "resting points" in the upgrade cycle.

But that new app should be set up and tested out on -current, not 
-release.

Try to use the base OpenBSD system for as much of the system as you can.

The fewer packages you have installed, the fewer special cases you 
will have
to deal with.  The fewer cutesie-crap apps you put in your servers, 
the less
often you will have to take down your servers because of cutesie-crap 
bugs.

I want a plan of updating machines.
2 solutions:
* install -current OpenBSD and follow -current
* install -stable every 6 months and follow -stable


I want too "secured" ports. So, I must install -current and follow -current? 

If today I install -current, and 01 may I upgrade to 4.3-stable, I'll 
have "non upgraded packages/ports" until 01 november 2008.


So, I install -current?

Nicolas























					Reply via email to