[FreeBSD-Announce] FreeBSD 12.0 end-of-life

@lbutlr kremels at kreme.com
Sun May 17 06:25:32 UTC 2020

On 16 May 2020, at 13:12, John Howie <john at thehowies.com> wrote:
> Respectfully, the views presented are not in line with desired state.

It is in line with reality.

> We *should* be able to install s/w and forget it until the hardware eventually fails.

If the software is hardened and unmodifiable and there is no possible way for it be exploited, sure. But that is pretty much a fantasy for any complicated software like an OS.

> We are building a house of cards with tiered dependencies and upgrades are often fatal, resulting in prolonged outages. This leads administrators to just leave systems be. That represents significant risk.
> We need to build better software, and that starts with simplicity. We need to stop putting everything, including the kitchen sink, into releases. We need to focus on code quality. Where we absolutely must update a system we should, by now, be able to hot patch it. The fact that as an industry we cannot is scandalous. We need to support distributions for many, many years. 

Software needs to balance between doing what is needed (which means. Keeping up with new technology, new use cases, new media types, etc) and being stable and secure.

If you insist that every thing be perfect from the start, you have nothing. Because perfect is the enemy of good.

> These are not FreeBSD-specific issues, but these are golden opportunities for FreeBSD to stand out from the crowd by releasing minimalist distributions, with high-quality software that is supported for many years, and includes the ability to hot patch vulnerable code.

You make something that has so far proved to be basically impossible sound super simple. If the software can be ‘hot fixed’ then the software can be modified. If it can be modified, then it must be secure. If it must be secure, you need to be able to fix bugs in the security and fix new-found exploits and move to newer security models.

There is a reason we no longer use SSL, and that is a good thing.

'Yeah, well, I didn't sign up for world domination,' said Medium
	Dave. 'That sort of thing gets you into trouble.' —Hogfather

More information about the freebsd-questions mailing list