OSNews

Easier? Are you kidding me?

can you motivate this by anything remotely intelligent?

Easier to update than Linux? Here are the steps for FreeBSD:

# CVS Kernel source
# make buildworld
# make buildkernel
# make installkernel
# reboot
# mergemaster -p
# make installworld
# mergemaster
# reboot

This is all that it takes to download new source and recomile the kernel. There are few bianry methods of updating the kernel as well. Some of the binary (if not al) also support a graphical interface. Now the above process covers the kernel, base and userland utilities.

No in regards to the applications:
# CVS
# Build index (not sure about the 5.x branch)
# Compile application

Now in regards to compiling the application; you actually have a config file that you can set up so that it will maintain all your compile options for every application. Once its set; its set. If you want to upgrade your applications; you can use portupgrade (aka one command).

As for the other BSD's; there are some automated tools that work with the config files; aka they don't use mergemaster (from what I remember).

So you have the source and binary way to patch your kernel and tools. You also have an easy way to install applications as well as upgrading them.

I hope that hope that some (Open, Net, DF) BSD users can correct me on how easy it is to patch their systems; as well as install and upgrade applications.

PS: forgot to mention that I am a FreeBSD and Debain user. And yes; Debian also makes it easy as well.

PSS: Just trying to point out that both can be upgraded. Just trying to dispell some *bsd myths. Thats all.

"PSS: Just trying to point out that both can be upgraded. Just trying to dispell some *bsd myths. Thats all."

Opps. Type-O. Should have been:

"Just trying to point out that both can be easily upgraded. Just trying to dispell some *bsd myths. Thats all."

Is there an easier way?
With arch-linux, all you have to do is:
#pacman -Syu
and your entire system is up to date.
Although, I think your method updates using source, and arch-linux method uses binary so not really comparible.

I was thinking of trying FreeBSD6 on my laptop when it comes out, but it seems a bit too different than what I'm used to :-(

"Easier to update than Linux? Here are the steps for FreeBSD:"

Dude, you're recompiling your entire system in your listed steps. Do you really think Enterprise administrators are going to want to recompile their kernel, base libraries and executables every time there is an apache vulnerability? Your example takes at least an hour and requires a reboot. "rpm -Uvh apache.rpm" takes a few seconds and requires only one service to be restarted.

"Easier to update than Linux? Here are the steps for FreeBSD:"

Dude, you're recompiling your entire system in your listed steps. Do you really think Enterprise administrators are going to want to recompile their kernel, base libraries and executables every time there is an apache vulnerability? Your example takes at least an hour and requires a reboot. "rpm -Uvh apache.rpm" takes a few seconds and requires only one service to be restarted.

You're comparing patching a security hole in the kernel / OS, with updating an application ... very different beasts.

To update an application in FreeBSD you either use the ports tree or the package tools, depending on if you want to compile the app yourself or not.

To update Apache on FreeBSD using the ports tree requires:
1. cvsup the ports tree
2. fetch the new index (make fetchindex)
3. run portupgrade to automate downloading the new sources, compiling the new version, uninstalling the old version, and installing the new version
4. restart Apache

To update Apache on FreeBSD using the pkg tools requires:
1. run portupgrade with -P or -PP to automate downloading the new binary package, uninstalling the old version, and installing the new version
2. restart apache

Something I've never liked about Linux distributions is that there is no clear delineation between what is the OS and what are the apps runing on top. Since every little command on the system is packaged and managed through the same package manager as the apps, everything is all intermingled. How do you update just the base OS services, without updating your apps (like Apache, Postfix, MySQL, KDE, etc)? Why is everything installed into /usr?

The nice thing about the BSDs is that you know what's part of the base OS (/ and /usr), and you know what's been installed on top (/usr/local and similar). You know that you can update the base OS independent of the applications, and vice versa.

Show me a Linux distro that has the concept of a BASE OS that can be upgraded / patched completely independent of the apps running on top, and you'll make a lot of IT people very happy.

Dude,
I am sorry to say. You don't know what are you talking about. When it comes to compiling the kernals, you have to reboot the server in order to boot into the new kernal.

And for your info, FreeBSD is one of the oldest and most respected Free Open Source Operating System. Besides RPM -uvh method u mentioned is so damn dependency ridden, I would never want to work with RPMs unless forced. That's all from me.

Actually, OpenBSD is one of the most simple systems to patch. Take a look at http://www.openbsd.org/errata37.html and view the instructions in each patch to see what I mean. Far more simple than patching FreeBSD. Second, out of the hundreds of security updates to OpenBSD, only one in 8 years allowed root access. How many has linux had in the past 8 years, even with it's "simple" patching system?

I might be the odd type, but I find updating OpenBSD extremely easy. Update your cvs tree, then compile and install kernel/userland/X/ports, then merge changes from configuration files and make devices. Only Gentoo Linux makes it easier with portage.

You want it even easier? Look at 'man release'; set up a build-machine and automate every step in a small shellscript, and it will automagically produce a custom-tailored install-medium of your choiche (CD, ramdiskkernel to PXE-boot, whatever) that will deploy your customized OS without any hassle.

Then again, for an enterprise it probably *is* more easily to have a binary-update mechanism that works à la Windows-update; but this doesn't give you a clean OS from scratch.

As always, it solely depends on the capabilities of the administrator in charge.

I was going to say this too. OpenBSD is by far the easiest system to patch of any I've used. The security advisories are easy to find, well described, and even doing patches manually is really easy.

Uh, no.

The easiest system to keep updated, with patches, security updates, and kernel updates, is Debian. It is the most stable and secure system for the enterprise.

apt-get update
apt-get dist-upgrade

Done. You can also upgrade only certain packages. Also, Debian does not make changes to config files where you have made changes from the package maintainer version (and stops, and asks you how you want to proceed).

There isn't a better enterprise OS. Fact.

I agree, this OS is one of the most secure operating systeims in the world. It is widely deployed, scalable, and is continuing to grow. HP pissed away a software gem when they acquired Compaq. Had they marketed OpenVMS more than HP-UX, OpenVMS may have had a commanding share of the operating system market. DCL is probably they biggest hurdle to get users to use OpenVMS, but in time OpenVMS will provide a full POSIX-like interface so application developers can take advantage of their huge install base.

Ports can be done in a similar fashion.
Don't bother trying to use NFS to share out a central ports tree. Not worth the hassle when you try to update a single program across a dozen+ systems, at the same time.

Better solution: set up a central build system and build binary packages (make package instead of make install) which will all be put into /usr/ports/packages/All. NFS mount that directory to the other systems, and use portupgrade -PP to do the upgrade using your custom binary packages.