How long do you go without upgrading FreeBSD to a newer release?

[krad]

On 16 May 2010 17:05, Polytropon <freebsd at edvax.de> wrote:

> On Sun, 16 May 2010 18:42:44 +0300, Dan Naumov <dan.naumov at gmail.com>
> wrote:
> > Just a thought/question that has recently come to my mind: How long do
> > you usually wait until upgrading to a newer release of FreeBSD?
>
> A quite generic answer: Only as long as needed. :-) Upgrading
> often is determined by certain considerations, such as the
> ability to maintain system security (again depending on the
> setting and the purpose of the installation), or the require-
> ment for some functionality that explicitely requires upgrading.
>
>
>
> > What's your oldest currently running installation,
> > do you have any issues and are you planning on an upgrade or do you
> > intend to leave it running as is until some critical piece of hardware
> > breaks down, requiring a replacement?
>
> FreeBSD 5.4-p14 on a P2/300, 128 MB RAM, office workstation,
> last update both in system and applications in 2006.
>
> Upgrade planning: no.
>
> Leave it running as long as possible: yes.
>
> Reason: System runs perfectly (it's not on WAN or acting as a
> server, so no major security considerations). It runs better than
> my FreeBSD 7 home system which awaits upgrading to 8 soon. :-)
>
> Oldest: 4.1 on a 486 laptop, I'm sure it still works, but it's
> not in regular use. :-)
>
>
> > The reason I am asking is: I have a 8.0 installation that I am VERY
> > happy with. It runs like clockwork. eveything is properly configured
> > and highly locked down, all services accessible to the outside world
> > are running inside ezjail-managed jails on top of ZFS, meaning it's
> > also very trivial to restore jails via snapshots, should the need ever
> > arise. I don't really see myself NEEDING to upgrade for many years.
> > even long after security updates stop being made for 8.0, since I can
> > see myself being able to at least work my way around arising security
> > issues with my configuration and to break into the real host OS and
> > cause real damage would mean you have to be either really really
> > dedicated, have a gun and know where I live or serve me with a
> > warrant.
>
> If you're running services available to the outside world, keep
> in mind *their* security updates also. If those require a system
> update, do it, but usually they don't - you usually just upgrade
> the ports in question. For servers, you should follow -p as long
> as possible. If there are no further security updates for a
> certain release, it MAY be a valid idea to upgrade to the new
> release (e. g. 8.0 to 8.2, or what's the current release when
> 8.0-p doesn't continue).
>
>
>
> > Do you liva by the "If it's not broken, don't fix it" mantra or do you
> > religiously keep your OS installations up to date?
>
> Maybe you'll laugh, but I go with both ways. :-) I've got an
> experimental system that I try "bleeding edge" software on, just
> to see how well it works. Servers and workstations that I
> need to RELY ON go with "not broken, not fix".
>
> I'm sure you'll get more answers that suggest you to really
> think about what you want to do, and that determines your way,
> maybe both ways, if that fits your requirements. Both ways have
> their advantages and disadvantages, and it's up to you how you
> handle it.
>
>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>

we have some production dns caches at work running bsd 4.3, that have been
there for nearly a decade. We keep the dns software on them upto date and
they are locked down with a firewall. However they will be going some time
this year, but thats more down to consolidation than anything else.