FreeBSD Security Survey

David Nugent davidn at
Sun May 21 22:42:13 PDT 2006

Doug Hardie wrote:
> On May 21, 2006, at 20:55, Colin Percival wrote:
>> If you administrate system(s) running FreeBSD (in the broad sense of 
>> "are
>> responsible for keeping system(s) secure and up to date"), please visit
>> and complete the survey below before May 31st, 2006.
> What doesn't fit into the survey very well is that all my servers are 
> production ones and it causes a lot of grief for users when I bring 
> them down.  I try to hold updates to once per year because of that.  I 
> am currently in the middle of upgrading from 5.3 to 6.0.  The easy 
> machines are done but there are still a few that will take 
> considerable on-site time which is not easy to come by.

A good failover strategy comes into play here.

If you have one, then taking a single production machine off-line for a 
short period should be no big deal, even routine, and should not even be 
noticed by users if done correctly.  This should be planned for and part 
of the network/system design. Yes, it definitely requires more resources 
to support, but I'll rephrase the same problem: what happens when (and I 
mean *when* and not *if*) a motherboard or network card fries or you 
suffer a hard disk crash (even 2+ drives failing at the same time on a 
raid array is not particularly unusual considering that drives are quite 
often from the same manufactured batch)?

Lack of a failover on mission critical systems that *can't* be offline 
is like playing russian roulette.

More information about the freebsd-stable mailing list