Seeking an extended-support O/S similar to FreeBSD

[Kevin Day]

On Mar 29, 2013, at 1:06 PM, Michael Wayne <freebsd07 at wayne47.com> wrote:

> On Thu, Mar 28, 2013 at 07:31:50PM -0700, Freddie Cash wrote:
>> 
>> Every other minor release of FreeBSD is supported for 2 full years, with no
>> new features added, just security fixes (aka Extended Releases).
>> 
>> And every major release of FreeBSD is supported for at least 4, somtimes 5,
>> years.
> 
> That's exactly the issue.  After 4-5 years, there's nothing.
> 
>> FreeBSD isn't perfect (what OS is?), but it's amazing that you can install
>> the newest versions of MySQL, Firefox, KDE, Postfix, etc on 7.4 (until the
>> end of Feb, anyway), or 8.3, or 9.0, or 9.1. And can continue to get
>> security fixes for all those releases (except 7.x now).
> 
> That's no help at all to a bunch of machines that started life on
> 4.1 back in 2000 and will continue to run another 10-15 years, is
> it?  What's your suggestion for dealing with that? It's not like
> anything currently supported is gonna fit on those machines without
> a rediculous amount of effort.
> 
>> What's missing from FreeBSD support?
> 
> Having one release supported for an extended time. It would be
> insane to consider maintaining every release for an extended period
> but ONE release, supported for an extended period (decades) would
> really help.  We're far enough down the security path that there
> are not that many security vulnerabilities in base. Ports generally
> build just fine on older versions.  

We have servers that are currently in production use that we purchased in 2002. They're fully capable of running 9.1-RELEASE, so we keep them updated regularly. FreeBSD 2.x through 9.1 are installable off a single CD - disk space requirements have not increased in any substantial way. Later kernels tend to have more things in modules, so memory usage may be lower just with a GENERIC kernel. 

Compatibility also isn't really an issue - this isn't like Windows where upgrading from Windows XP to Windows 8 is going to leave you with a bunch of applications that don't work and missing drivers for half your stuff. In most cases support is additive, and backwards compatible. 

It's very rare for a new version to pull support for hardware that's even slightly commonly used. The only reason things get pulled are that usually there's nobody with hardware anymore to even test it, so trying to maintain compatibility even on an ancient version of FreeBSD is hard because the ability to verify they haven't broken it is gone.

You also need to consider power cost v.s. replacing hardware, too. A server that was a beast in 2000 is likely slower than a modern day Atom box, and likely uses 10-30x the power. We obsolete (and donate) old equipment once replacing it pays for itself in 6 months. All of our pre-2002 servers are gone now due to this, and we'll probably be in the 2005 range by the end of the year.

And keep in mind that there have been many vulnerabilities in the base system, mostly local but some remote. Just pushing a patch out to FreeBSD 4.1 is going to be a big undertaking because, again, it supported some obscure stuff that got removed because there are no developers who even have that hardware anymore. (ISDN for example)

Asking for "decades" of support is rare for any software product, unless you're talking about enterprise levels of support that basically pay for a few people's salaries to be dedicated on it. To use Microsoft as an example, Windows Server 2003 was released in 2003, and standard support/updates ended in 2010. That's *paid* support that lasts 7 years. You can pay even more gobs of money to get another 5 years of *support* but no updates out of them. If you want security updates to Windows Server 2003 beyond 2010, you installed Server 2008, which is supported until 2015. Their basic policy is they support things for a minimum of 5 years, or 2 years after the next version comes out, whichever is longer. 

Rather than saying you want a 20-30 year commitment on one specific version, can you go into more detail why updating isn't possible for you?  freebsd-update has made updating about as painless as I can imagine it being. Especially if you want to live a little dangerously and skip the last step that removes the old libraries - you don't need to recompile anything if you really can't. If you're operating things that are extremely risk averse where any change needs substantial validation before putting it into production, you're probably better off with a commercial OS that splits out individual changes instead of rolling releases like FreeBSD.

We walk a lot of our customers through keeping their systems updated, so I'm always curious to hear why it's unpalatable for some reason.

-- Kevin