[HN Gopher] Evaluating FreeBSD Current for Production Use
___________________________________________________________________
Evaluating FreeBSD Current for Production Use
Author : rodrigo975
Score : 40 points
Date : 2022-05-20 14:50 UTC (1 days ago)
(HTM) web link (klarasystems.com)
(TXT) w3m dump (klarasystems.com)
| tablespoon wrote:
| The title of this HN post is wrong, it should be "Evaluating FreeBSD
| CURRENT for Production Use" as used in the original article.
|
| The capitalization is important, since it makes it very clear
| it's talking about the CURRENT branch.
| synu wrote:
| Out of curiosity, as someone who doesn't use FreeBSD what does
| "Current" (not all caps) imply instead?
| icedchai wrote:
| I'm not sure. The intent seemed clear without the
| capitalization. (Though I've been a FreeBSD user for over 25
| years.)
| cyberpunk wrote:
| It means the 'current' latest development code, not a release
| branch.
|
| When FreeBSD cuts a release the code is handed over to a
| releng team (e.g. on GitHub you'll see releng/13.1 atm) who
| handle security fix back ports and suchlike. Development then
| continues on master (or whatever the svn equiv is) until they
| cut another release.
|
| So, this would be building from master. Or main. Whatever.
| Instead of using a release branch
|
| :}
| GekkePrutser wrote:
| For me it's a daily driver. Though not current but release. Just
| updated to 13.1-RELEASE yesterday.
|
| For those who aren't into FreeBSD, release is like Debian stable and
| current is the upcoming dev release. Like Debian sid but not
| rolling.
| SpaceInvader wrote:
| I wish FreeBSD was more popular. I have run it on my personal servers
| for more than a decade non-stop. I currently have one FreeBSD
| at home which works as my NAS/backup server/whatever I need it to
| do plus two remote machines (mail/www/db/ns running in jails).
| About a year ago I migrated one FreeBSD to OpenBSD because it's
| just an advanced router.
|
| I took a conservative approach and I always run the -RELEASE version,
| not even -STABLE. I'm glad Klara is evaluating the -CURRENT branch,
| good read.
|
| Btw, once, several years ago, I bought a new system and the network
| card was not supported in the -RELEASE branch, so I took the
| driver from -CURRENT, compiled it and loaded it as a kernel module.
| Worked flawlessly :)
| just_for_you wrote:
| Question: If you use the FreeBSD Ports collection for the
| services you run, how do you deal with Ports' quarterly
| releases? One reason I haven't used FreeBSD much is because of
| the fear of doing bulk updates every 90 days, and having to fix
| random things that might break due to software upgrades.
|
| For a home server I have no problem with this, but if it's
| something I want to leave in production and have security
| updates for, I'm more at-ease using Debian or Ubuntu with their
| 3- and 5-years' worth of support.
|
| Is there something I'm missing about using FreeBSD in
| production, or is anything outside of the base system just
| supposed to be more hands-on?
| bigpeopleareold wrote:
| I cannot say much with any confidence because I started
| revisiting FreeBSD after a long (like 15 years! :) ) absence.
| However, from what I see there are ways to mitigate issues
| that might occur. For example, doing a ZFS snapshot before
| doing a package update can be one thing to do. I think if you
| have a cluster of machines, doing a canary update with the
| option to rollback sounds like something that would ease the
| mind. I think also the tooling will allow you to control any
| bulk updating. This is in fact what I was starting to play
| with today - new port updates are available, how do I do
| selective updates? It's possible, but some reading of the
| handbook and/or man pages will get to that answer probably.
| cyberpunk wrote:
| Ports are rolling release. Simply run 'portsnap fetch update'
| and you'll have the latest available in /usr/ports just one
| 'portmaster -a' (upgrade) away.
|
| Same goes for packages (pkg), they are rolling release.
|
| No idea where you're getting this 90 days release stuff from
| :) (Perhaps there's a LTS 'release' for ports? I don't think
| many people use it if there is. Trust me, you're safe enough
| with rolling ports).
| mortenlarsen wrote:
| FreeBSD has two repositories of packages, quarterly and
| latest.
|
|     $ cat /usr/local/etc/pkg/repos/FreeBSD.conf
|     FreeBSD: { enabled: no } # disable the default config
|     FreeBSD-latest: {
|       url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
|       #url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
|       mirror_type: "srv",
|       signature_type: "fingerprints",
|       fingerprints: "/usr/share/keys/pkg",
|       enabled: yes
|     }
| inferiorhuman wrote:
| https://www.freebsd.org/security/#sup
|
| > Under the current support model, each major version's stable
| > branch is explicitly supported for 5 years, while each individual
| > point release is only supported for three months after the next
| > point release.
|
| You've got plenty of time for support. These days I only use
| FreeBSD for homelab stuff but... yeah you can go two ways
| really. Portsnap + rebuilding your packages to track updates
| or track an official package server that gets regular
| updates. Because I don't have to scale this shit out the
| setup I ended up with was to point pkg(8) at a varnish
| instance that queries a "latest" repo, and then the jails hit
| the varnish instance.
|
| Unlike some debian-ish distros I don't think there's any
| security-update-only repo for ports/packages to track.
| Meanwhile freebsd-update(8) handles security updates for the
| base system.
___________________________________________________________________
(page generated 2022-05-21 23:01 UTC)