How long do you go without upgrading FreeBSD to a newer release?

Sun May 16 16:05:52 UTC 2010

On Sun, 16 May 2010 18:42:44 +0300, Dan Naumov <dan.naumov at gmail.com> wrote:
> Just a thought/question that has recently come to my mind: How long do
> you usually wait until upgrading to a newer release of FreeBSD?

A quite generic answer: Only as long as needed. :-) Upgrading
often is determined by certain considerations, such as the
ability to maintain system security (again depending on the
setting and the purpose of the installation), or the require-
ment for some functionality that explicitely requires upgrading.

> What's your oldest currently running installation,
> do you have any issues and are you planning on an upgrade or do you
> intend to leave it running as is until some critical piece of hardware
> breaks down, requiring a replacement?

FreeBSD 5.4-p14 on a P2/300, 128 MB RAM, office workstation,
last update both in system and applications in 2006.

Upgrade planning: no.

Leave it running as long as possible: yes.

Reason: System runs perfectly (it's not on WAN or acting as a
server, so no major security considerations). It runs better than
my FreeBSD 7 home system which awaits upgrading to 8 soon. :-)

Oldest: 4.1 on a 486 laptop, I'm sure it still works, but it's
not in regular use. :-)

> The reason I am asking is: I have a 8.0 installation that I am VERY
> happy with. It runs like clockwork. eveything is properly configured
> and highly locked down, all services accessible to the outside world
> are running inside ezjail-managed jails on top of ZFS, meaning it's
> also very trivial to restore jails via snapshots, should the need ever
> arise. I don't really see myself NEEDING to upgrade for many years.
> even long after security updates stop being made for 8.0, since I can
> see myself being able to at least work my way around arising security
> issues with my configuration and to break into the real host OS and
> cause real damage would mean you have to be either really really
> dedicated, have a gun and know where I live or serve me with a
> warrant.

If you're running services available to the outside world, keep
in mind *their* security updates also. If those require a system
update, do it, but usually they don't - you usually just upgrade
the ports in question. For servers, you should follow -p as long
as possible. If there are no further security updates for a
certain release, it MAY be a valid idea to upgrade to the new
release (e. g. 8.0 to 8.2, or what's the current release when
8.0-p doesn't continue).

> Do you liva by the "If it's not broken, don't fix it" mantra or do you
> religiously keep your OS installations up to date?

Maybe you'll laugh, but I go with both ways. :-) I've got an
experimental system that I try "bleeding edge" software on, just
to see how well it works. Servers and workstations that I
need to RELY ON go with "not broken, not fix".

I'm sure you'll get more answers that suggest you to really
think about what you want to do, and that determines your way,
maybe both ways, if that fits your requirements. Both ways have
their advantages and disadvantages, and it's up to you how you
handle it.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...