Quoting nixlists <nixmli...@gmail.com>: > On Thu, Mar 4, 2010 at 11:58 AM, <and...@msu.edu> wrote: >>> But both are related to downtime and data loss. I understand stability >>> bugs are likely to pop-up more often with current, and this has been >>> my experience. Weird freezes without panic that I did not have with >>> release/stabe, and some pf-related panics that went away with recent >>> current. >>> >>> Anyway, I am still not clear where most security bugs are more likely >>> to pop-up - in release or current, or either? >>> >>> Thanks. >> >> For any established bug thats been around for a while before discovery, >> it will be in both -release and -current; established meaning existing >> for one more more releases. >> >> -Current can have bugs that are introduced during the development >> cycle. Typcially they are seen fairly quickly and stomped on quickly. >> >> I've lived on -current on my laptop for 8 years now, and the only time >> thats been a problem was rebuilding stuff during a hackathon. If >> you use -current, watch the pretty commits flow in, but refrain from >> jumping into the new code on your main machine, as I did. Test >> machines are of course a great idea. > > Thank you! > > Shouldn't this advice be good for inclusion on the "following > current" page on the website? Also how does one find out when it's > okay to jump into new code, given that one is a mortal sysadmin - not > a C or system hacker who understands which commits could possibly be > buggy?
If you don't have a good understanding of things, I'd say you should not follow -current on machines that are critical to you. I do use -current for my main infrastructure machines, but I always have a failsafe, namely the previous incarnation of the machine that I can fall back on in case of disaster. That, and of course TESTING the new -current machine before comtting to it! It's amazing (well, horrifying) how many people get some new machine set up and just assume that the newer version of X will be good. Following -current implies that you are subscribed to the src changes list, and read it consistently. When upgrading to the latest code you need to make sure that you aren't getting code in the middle of a comitt of some large thing, such that you have just a part of it. The CVS machines get their updates on some schedule, so its important to make sure that you aren't getting incomplete stuff. I run into this from time to time, but first assume that any build problem is mine. Usually I've shot myself somehow, or gotten an update in the middle. Every once in a while I bump into an actual problem which stops the build (breaking the tree) but that is pretty rare. OpenBSD is the only system I've seen where I can trust the development system to be usable (with testing). You can learn tons from watching -current. I have. But till you have experience with it, don't make it your main system. --STeve Andre'
