...possibly infinite, when comes to FreeBSD!
OK, mea culpa. I have "misoverestimated" FreeBSD in some regards. I need "lower expectations" from it.
After I posted a bunch of ten posts on FreeBSD (listed here), I've got some very sharp and disparaging reactions, especially for the post Updating Firefox 2 and FreeBSD 6.2.
What the FreeBSD users and developers failed to understand is that I had good reason for higher expectations. No, I have not completely misunderstood what STABLE means (or should have meant). They're free to say that STABLE is still a development branch. One would nevertheless expect a good reliability of something that's labeled STABLE. A minimum stability is required, otherwise the usage of word "stable" is completely illegitimate and it should compromise the credibility of the FreeBSD project.
Let's explain the legitimacy of my scenario — the Firefox 2 one.
1. I installed FreeBSD (RELENG_6_2) 6.2-RELEASE from CDs, with almost all the binary packages that were available.
2. Next, I looked for PyQT packages (py24-qt4-*) in the online repository of packages, and I was surprised to see that the packages-6.2-release does NOT have them, but only packages-stable includes them.
3. As much as I hate the source patches that are specific to BSD, I was relieved to think that for software outside the base system, there are no source patches issued by the FreeBSD engineering team. For instance, when Mozilla releases a new, security-patched version of Firefox, it's not a small patch that I should apply, but rather either download a newer package from packages-stable, or build it from ports, as a last resort.
4. Now, tell me that I was wrong with that, but it just can't be: packages-6.2-release only holds the obsoleted firefox-1.5.0.8,1.tbz (Nov 16, 2006) and firefox-2.0.r2,1.tbz (Oct 28, 2006), whereas newer, safer versions are only packaged under packages-stable, as firefox-1.5.0.11_1,3.tbz and firefox-2.0.0.3_1,1.tbz, which are currently the latest of their respective branches.
5. I don't want to install any package provided by Mozilla (except when I need to use Windows). In an OS that has a package management system, a security policy, and a QA policy, I always favor the use of the OS-provided packages. But hey, as packages-6.2-release is something frozen, I must use packages-stable for getting a newer Firefox!
6. A newer Firefox is not a caprice. I don't need the "latest and greatest" version of any package under this Universe, but with Firefox, a newer version from a given branch (1.x, 1.5.x, 2.x, 3.x) usually is a security-patched_ one, so upgrading to the latest Firefox is a must__ for the security-concerned user.
7. So I am FORCED to use the "STABLE" branch. Apart from Firefox and possibly other packages that have security issues (not part of the base system), I need PyQt4, which is not in the "RELEASE".
8. Wow, but what kind of a package management is this, if pkg_add -r is unable to add a newer package from STABLE, just because I have older packages from RELEASE (because the installation CDs are obviously RELEASE)?! I know that there are complex dependencies, and pkg_add knows it too, but it lacks a decent way of updating everything that's dependency — something that all the Linux package managers can do! (And no, using -f is not a good option.)
9. Well, then I remembered it was announced that X.org 7.2 was going to replace X.org 6.9, and in the meantime that was an accomplished fact already. I don't care about ports (they're not "branched", right), but the outrageous fact is that X.org 7.2 has contaminated packages-stable! Everything that I get from packages-stable and it is in some way dependent of X.org will trigger the NEED to upgrade to X.org 7.2!
10. Let's put it this way: under FreeBSD 6.2, to get a newer Firefox, you MUST upgrade from X.org 6.9 to X.org 7.2! And this is something I don't want to be forced to do. I don't care about the upgrade instructions, because this is by no means a reasonable request, to perform such an upgrade for a trivial package update! There is no other OS under the known Universe, except for the BSD family, where you need a newer X.org to be able to use a newer Firefox!
11. Everything else, namely playing with portupgrade, for either Firefox or PyQt4, was just to see if there is any smarter way to fix the issue. I repeat, I do not care about the X.org update instructions. This is not something I should care about. I only wanted a newer Firefox, with the latest security patches, and I wanted it from FreeBSD, not from Mozilla!
12. With or without my references to RHEL and Debian, or to any other Linux distribution, there is an obvious fact here: FreeBSD (and possibly all the other BSD flavors, except maybe PC-BSD, which can provide PBIs) is not observing any rational stability model — unless you stick with RELEASE, but then you lose in the security department. IMNSHO, FreeBSD is simply overrated, and I was personally in the mistake of believing that FreeBSD is what it is not.
I have put my twelve steps well-delimited, in the attempt of making myself understood by the FreeBSD readers who usually fail to follow what I am writing. I was trying to cut the excessive wordiness, but it seems that verbosity is needed.
I am terribly sad that I have to drop FreeBSD 6.2. But this is exactly what I am doing now.
I return to my "Tux dump". It is a dump, but it's at times more coherent — not always, but anyway, even when most of the Linux camp fails to follow some guidelines, a few mainstream distros try to keep things safe and sound.
23 commentsYour previous article on this subject should be retitled to "How to break your FreeBSD system in 4 easy steps".
Actually you could add another step to that - "Step 1. Ensure all clue and willingness to learn is eliminated from your brain".
You're so kind, Rob!
Go n-ithe an cat thú is go n-ithe an diabhal an cat.
Sláinte,
Béranger
Oh man, just because of people like you, Florent may even feel bad. What a crap. That man will sacrifice his free time to create something good (yes, the modular Xorg is a good thing) and a Linux-wannabe kid like you will cry out that he cannot upgrade his firefox. What a shame, please stick to your Linux and don't forget to spread how BSD is crapy (or better spread how you are lame).
BTW, stop saying bullshit that the Xorg update is risky, it worked perfectly for me and many of people I know. Geez :/
It is risky AS A PRINCIPLE! You will not find a single Linux distro (or please name other OS, say Solaris), where, right after you have installed from the original disk set the latest version (which, BTW, is *not* old!), you are FORCED to upgrade X.org to a completely different point version, just to have... an updated Firefox!!!
Can't you see how crazy the whole isue is?
And let Florent cursing me sarcastically: he should have fuckingly shut up, because it is NOT HIS fault I was condemning! It's the fucking fault of those who decided to accept a major X.org upgrade 4 months after 6.2 was released!!!
Ok, if you don't want the security updates for X.org too when you improve the security of FireFox, go right ahead and choose Linux.
Seriously committed to security distros like Red Hat Enterprise Linux and Debian STABLE choose to backport patches to X.org, should the upstream stop fixing security issues for an older version. Oh, and even NetBSD 3.1 has X.org 6.9, so I guess it *can* be maintained, right?
>This is not something I should care about.
Then *buy* MacOS and be happy ... or wait, donating some money or actually helping with problems would be nice too. But lamenting about *your* problem with reading instructions is more than lame. It's actually trolling for beginners.
Of course it *can* be maintained but it's impossible to do with every version that has been published and in the end, X.org 6.9 support cycle will end because not everyone will want to support an old version.
I'm sure many people are in your footsteps and still have an older version of X.org which would benefit from being forced to upgrade to a newer version. Not everybody has the time to wonder about every security fix that has been applied and use the time to apply them.
I agree it's a lack of feature that you have to upgrade the X.org system when there's a dependency but calling it a flaw, I don't think so. But for how long should the system not force you to upgrade a dependancy? Should it take into account the difference of version numbers and the age or should the age also be counted for in the formula? If you would like to lead such a project or support one that intends to solve this problem, I encourage you to do so.
If one would drop the forced dependency upgrade, there could be conflicts, crashes, "undocumented features" or even security issues nobody has thought of and you would be vulnerable to them, intended or otherwise. That would be because the version differences are so many because everybody has different versions and would be more impossible to maintain every possibility. There has to be some kind of forced upgrade for the open source world to work...
I'm sorry about the FeeBSD guys' reaction. I understand that they must have felt pissed by the way you express yourself (you are certainly not very polite in your posts), but still they should have been intelligent and mature enough to see that *maybe* there is *some* truth and reasonable criticism in what you say. Instead, they just jump to point you how idiot you are for not knowing things that should be *obvious*.
Anyway, if I didn't misunderstand, it seems that:
- RELEASE is a "dead" branch. Something like a reasonably bug free snapshot of STABLE after going through some basic (beta, RCs) testing, but that it never gets security and bugfix updates. So I wonder, what's the point of RELEASE. Who is it targeted at? Those for whom stability is critical are generally the same for whom security is critical, so RELEASE is not good for them. Maybe it's good for those users without internet connection, though.
- STABLE is a rolling branch. The ports get updated just like in Debian Sid, except that there are no changes to FreeBSD's specific base system (what in the Linux world would mean the Kernel, Glibc and a few other packages). This is what I like for myself, since for my desktop needs I prefer this kind of updating system than to upgrade the whole system (usually reinstalling) every 6-12 months. However, I admit this is good only for those of us who don't mind/enjoy fixing things here and there (and have the time and knowledge for doing it). It's certainly not for enterprise customer or just "normal" users ("normal" users might prefer RELEASE as long as they are not concerned about security and can live with unfixed bugs might they step on one).
- CURRENT is where changes to the base system happen. In Linux, it would be like the kernel's RCs. This branch seems only suitable for FreeBSD developers (and geeks wanting to help them in testing).
This makes it clear why they have such a low market share. They only target at users without internet connection (RELEASE), advanced desktop users (STABLE) and themselves, FreeBSD developers (CURRENT).
Not that I care. I will try STABLE once it becomes 7-STABLE. Just for fun, though, since it doesn't offer me anything over Linux (and it has some disadvantages).
Do you remember the saying: "it's more than a crime, it's an error?"
In this case, "it's more than a flaw, it's a decision I can't accept".
As for the answer to the question: "for how long should the system not force you to upgrade a dependancy?", here's mine:
-- During a lifetime of a point release of the OS (6.2 in this case), you CAN actually BE FORCED to update a dependency, but only as long as updating a dependency can be done automatically, without having the package manager to whine, and w/o having to take special precautions or read "instructions".
-- In the "other world" (RHEL, Debian stable), this usually means that a package with the version 6.9.0 when shipped can be automatically and quietly and forcefully upgraded to 6.9.1.02._r2_pl15.EL5.whateverelse, which means it's only patched, not upgraded to a different point release of the package!
Now, this is how enterprise-grade stability and safety is attained in Linux.
Oh, wait: if "pkg_add -r firefox" would be able to perform ALL the upgrades needed to switch to the latest FF 2.0.0.3, then I wouldn't have complained.
But it's not able to do that...
Luis, thanks, I guess you are mostly right, but I won't assert anything more here.
boy, boy; after all this talk about Linux not being conservative enough, Beranger has finally found an OS too conservative for his liking...
I've always said, he should write his own OS; perhaps trying to do this would shut him up.
this is nitpicking at its worst m8. what is it that you really want from your operating system?
anyway if you want a bsd OS for your desktop , try pc-bsd and not freebsd.
Of course FreeBSD isn't Zen. It's FreeBSD. I'm afraid you completely misunderstand the "purpose" of the word "Zen".
I completely sympathize with Béranger's points here. As far as I am concerned, the defensive reactions from many FreeBSD folks are defending an illegitimate point of view.
Upgrading something as fundamental as x.org with anything but security fixes or important fixes INSIDE a stable release is simply a mistake. The FreeBSD people could really learn from the linux land if they could get off their high horse.
Mistakes are not bad; we can fix them after all. However, the elitist better than thou attitude is childish and infuriating to deal with. If you are bothered by this, then please read the previous sentence. See, I can be childish too. The comment that he should write his own OS is perfect example of what I am talking about here. Come on, work with us here.
To summarize... People are a problem.
After mulling over this some more, I suggest moving away from FreeBSD to OpenBSD.
If you can get past the spartan installation (not too hard really), then the rest of the experience should fit much closer into what it seems you want from an OS.
To the FreeBSD folks, please read the following for a different perspective on how to handle this kind of problem. Don't overdue it with the old guard mentality.
http://www.openbsd.org/faq/faq15.html#PkgSecurity
And eet... I think you have it wrong. I think he found that FreeBSD is not conservative enough. Beranger, please correct me if I am wrong.
Ted,
Thanks. You made a great case by pointing to OpenBSD's policy: "When serious bugs or security flaws are discovered in third party software, they are fixed in the -stable branch of the ports tree, and a selection of updated binary packages is made available." (And nothing more.)
Sure thing, FreeBSD's ports are not branched... but the packages are! Which makes a gross inconsistency: how can a package branch be "-stable", when it's built from unbranched ports! The "-stable" packages should be updated ("serious bugs and security flaws") versions of the "-release" packages! (It's hard to do that when you don't have a branched ports tree, but this isn't my fault.)
To me FreeBSD is contradictory:
(1) On one hand, very conservative, in that you have to perform dozens of post-install config steps. (Not a very big problem per se, as I have to perform some post-install config steps in Slackware Linux too, for instance.)
(2) On the other hand, not consistent enough when comes to the "stability vs. security" in ports and packages. Most noticeably, the use of the word STABLE is abusive, and relying to "stable packages" is at least as risky as using a "testing" branch of a Linux distro.
As for OpenBSD, I managed in the past to get it installed, but it was easy only because I could allow it a full disk. When installing it in a multi-boot system, it's trickier, because a mistake in calculating the slice and the partitions will corrupt your other OS. (See Pau's article: http://www.aei.mpg.de/~pau/zen_process_obsd.html)
I need a mental break before re-reconsidering OpenBSD.
My solution for dealing with the OpenBSD solution was to purchase an entirely separate computer to install it on. Just because I want to be esoteric, I chose a UltraSparc SunBlade 100 with 512mb of memory (less than $100 CAD from ebay) with adequate performance.
Adding another computer to my collection wasn't a big deal, since it is fairly small, with a passively cooled CPU. The machine sits under my monitor, and I usually just SSH into it from my openSUSE workstation.
For me, this is the most practical solution.
I purchased a very chee
Comments are closed, complaints to info@.
Bye.