tracking -stable in the enterprise

[Kris Kennaway]

Andy Kosela wrote:
> On Jun 25, 2008, at 3:46 AM, Peter Wemm wrote:
>> I think we still have FreeBSD-3.x machines in production. I know we
>> have FreeBSD-4.3.  99.9% of security issues don't affect us.  We have
>> our own package system built on top of FreeBSD's pkg_add format and
>> have the ability to push packages to machines.  If circumstances
>> warrant it, we can push a fix for something.  It'll either push a new
>> binary or be a source patch that is compiled directly on the machines
>> in question.   The machines run a custom software stack.  More often
>> we push fixes for driver or performance fixes or things like timezone
>> updates.
> 
> Ports infrastructure do not support such old FreeBSD versions, so how
> do you deal with that? Do you maintain your own CVS branches of
> selected packages and backports necessary security patches? I guess it
> demands considerable effort to compile the latest apache on FreeBSD
> 3.x or 4.x.
> 

It would be easy to maintain 4.x compatibility in Yahoo's package 
system.  They probably only need a relatively small number of ports, and 
there is no need to stay in sync with changes to the ports 
infrastructure.  Those changes are almost all completely gratuitous from 
the point of view of deploying packages within a site since they are 
changes to the *ports* infrastructure.  The FreeBSD *package* 
infrastructure has changed almost not at all over time (but yahoo have 
their own package system anyway).

To the extent that the vendor applications still support old versions, 
the model would be the same: vendor source + patches --> binary.  You 
can do that with a system based on the ports collection from last 
century if you like :)

I would guess that Yahoo actually forked the ports system long ago (in 
the 2.x days?) or never used it directly, and either port their changes 
directly or by taking patches from freebsd ports.

Kris