[Total OT] Trying to improve some numbers ...
Marc G. Fournier
scrappy at hub.org
Fri Feb 17 10:09:57 PST 2006
On Fri, 17 Feb 2006, lars wrote:
> Marc G. Fournier wrote:
>> On Thu, 16 Feb 2006, lars wrote:
>>> If your machine only runs an NFS daemon and is behind a firewall,
>>> ok, you don't need to patch it asap when an NFS SA and patch is issued, if
>>> all clients connecting to the machine are benign.
>> Actually, there are a lot of situations where this sort of thing is possible
>> ... hell, I could probably get away with running a FreeBSD 3.3 server since
>> day one, that has all ports closed except for sshd, imap/pop3/smtp, and be
>> 100% secure ... sshd can be easily upgraded without a reboot, with the same
>> applying to imap/pop3/smtp if I use a port instead of what comes with the
>> OS itself ...
>> You can say you are losing out on 'stability fixes', else the server itself
>> wouldn't stay up that long ... so about the only thing you lose would be
>> performance related improvements and/or stuff like memory leakage ...
>> And I could do this all *without* any firewalls protecting it ...
> Even if you managed to maintain an old version of a particular OS's
> uptime for so long, what did you prove?

Wasn't arguing that I "proved" anything, only that a long uptime could be
achieved *without* any security implications :)

> IMHO 'uptime' as a 'feature' is overrated, not to say obsolete.

Agreed 100% ... Availability is the useful metric, not how long a
stretch of time the OS can remain running ... not necessarily worded the
best way, but our uptime policy (http://www.hub.org/uptime_policy.php) was
such that we tried to upgrade our servers once every 30 days or so ... not
always possible, and lately less so, but it was our aim ...
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org Yahoo!: yscrappy ICQ: 7615664