OpenBSD最安全,最稳定的版本

转自OpenBSD Misc Maillist

Nicolas Letellier wrote:
> Hello misc@,
>
> I have a question :
>
> If I want the last packages/ports, I use a -current system, with
> -current ports tree. Last updates of softwares are in -current. On the
> other hand, they're developpement versions,
Might be better to say they are what is going to become the NEXT release.
> If I want a *very* stable system (in production for example), I use
> -release or -stable system.
That may be what you do, but you are generally wrong if that is your goal.
The goal is that the BEST version of OpenBSD is -current.
This goal is usually met.
The people who usually experience trouble with -current often can't
run -release/-stable at all, so no big loss.  IF there is a bug in
-current and you don't find it, it may very well exist in the next
-release.  The sooner bugs are found, the happier everyone is.
*The name -stable refers to the API and functionality, not to the
robustness of the system.*  If you create a binary today, it will always
run on the same version of -stable.  If you are used to one way
something works, it will continue to work that way on -stable
If you are worried about your system's security or possibility of doing
something bad, run -current.  Really.
The name -stable was really an unfortunate choice, giving people the idea
that anything other than the APIs and functionality of -current was
"unstable".  Other projects have done a lot to reinforce this idea, but
the fact that other projects use the "I screw it, maybe you can fix it"
development model does not mean OpenBSD does.
Again, the most robust, best supported, most secure version of OpenBSD
is -current.
> On the other hand, packages and ports are
> not updated even it's necessary (for example, the last mozilla-firefox
> is in 2.0.0.6 in ports tree -release and 2.0.0.10 in -current port tree).
and in a few days, it will probably be 2.0.0.11.  Don't fool yourself
into thinking that running the newest version means you are "secure".  In
that case in particular, it just means you are running a version where
they reacted to a few more bugs.  "Better than IE" is the Mozilla goal,
not "good".  If you are doing things that expose yourself to Firefox
vulnerabilities, you probably aren't going to save yourself by running
the "lease insecure" version on a secure OS.
There are some apps where the lack of a -stable version is an issue, but
Firefox is not one that wins any sympathy with me.
> If I use openbsd, it's for security and stability. Or, I must do a
> choice between :
> * stability (-stable, -release) with no security updates of packages/ports,

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有