FreeBSD Security Survey

[Brandon S. Allbery KF8NH]

On May 21, 2006, at 11:55 , Colin Percival wrote:

> The Security Team has been concerned for some time by anecdotal  
> reports
> concerning the number of FreeBSD systems which are not being promptly
> updated or are running FreeBSD releases which have passed their End of
> Life dates and are no longer supported. In order to better understand
> which FreeBSD versions are in use, how people are (or aren't) keeping
> them updated, and why it seems so many systems are not being  
> updated, I

I have a 6-STABLE box that is not going to be updated to 6.1 any time  
soon, because my personal mail will have to be offline while I do so  
--- including nuking and rebuilding all ports because the ports tree  
has been thrashed by multiple low level updates that affect a large  
percentage of the tree --- and it's only a 600MHz box so it will be  
offline for most of a week during that upgrade.  And I'm uncertain  
how downgrading it to 6.0-RELEASE+security patches will complicate  
things (downgrading via cvsup/buildworld is not a supported option,  
last I checked).  Granted, I probably should have stuck with 6.0-R  
--- but then, experience has shown me that the more reliable option  
is to wait a week or two after release and then install -STABLE.

In short:  keeping FreeBSD up to date tends to be painful at best.

-- 
brandon s. allbery     [linux,solaris,freebsd,perl]       
allbery at kf8nh.com
system administrator  [openafs,heimdal,too many hats]   
allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university       
KF8NH