[fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon

[Garance A Drosihn]

At 8:42 AM -0700 10/11/06, Jason Stone wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>>>Though I admit RELENG_4 is getting dusty, it is not rusty.  I believe it
>>>is still used in many places because of its stability and performance.
>>>[...]
>>>Is it envisageable to extend the RELENG_4's and RELENG_4_11's EoL
>>>once more ?
>
>>  Yes, I'm also voting for it.
>
>I realize that resources to keep chasing this stuff are in limited
>supply, but if you solicit the opinion of the community, I'd bet
>that more people would rather see 4.x support continue than 5.x
>support.

While this is an interesting idea, please realize that if we are
supporting 6.x (and we are!), then it is much less work to also
support 5.x than it is to support 4.x instead of 5.x.  The effort
for one is not the same as the effort for the other.

But I do agree that this is an interesting idea.

In a different message, Dan Lukes wrote:
>	Even if no new ports will be compilable on 4.x, even if the
>old ports will not be updated with exception of update caused by
>security bug, I vote for delaying EOL of 4.11

That's easy to say.  But then that security bug will be in an
old version of openssh, and to fix it you'll need to update *both*
openssh and openssl, and to compile openssl you'll need a newer
version of, oh, some compiler.  Or the latest libtool.  Or it
will assume a variety of changes have been made to base-system
include files under /usr/include/**.h.

(Note that I face this very issue with a variety of old Solaris
and IRIX machines here at work.  It's one thing to say "Oh, I'll
just apply one little security fix", and it's another when you
figure out it's going to take you two weeks of solid work to do
successfully do that)

More to the point, we might not even know there *is* a security
exposure in the system you are running.  Maybe someone stumbles
upon a new exploit in an ancient version of <some-component>, but
everyone running 5.x and 6.x and 7.x is already running the newer
version.  Thus, we won't even know that 4.x users have a serious
security issue which needs to be fixed.

You can't just keep voting to say "support me forever", and have it
cost nothing.  Someone, somewhere, has to put up the time and effort
to actually do that support.  And realistically, that someone has to
be the people who are actively running 4.x.  Me, I have no desire to
run 4.x.  I have become too accustomed to a variety of nice features
which are in 6.x.  I'm also in the process of replacing two of my PC's
(because they are having hardware trouble), and once I do that I only
have one PC which will even bootup in 4.x -- and that is a 10-year-old
PC which I hope to replace before the end of the year.

(of course, I'm only one freebsd developer, and I do not claim to
be speaking for security at freebsd or re at freebsd.  I'm just saying, more
and more FreeBSD developers are actively running on newer hardware,
and thus that is where their expertise is...)

-- 
Garance Alistair Drosehn            =   gad at gilead.netel.rpi.edu
Senior Systems Programmer           or  gad at freebsd.org
Rensselaer Polytechnic Institute    or  drosih at rpi.edu