The problem with this is not the 4 years. The problem is the new release each half year.
Up to now, a new release appeared about once a year. That did mean, upgrade, find the undocumented changes and regressions, spend about three months worrying, testing, fixing whatever - and then have some nine months where the systems would just run, and other useful work could be done.
Now we have this hassle every six months - and no, it will not be less troublesome.
That's exactly my fear, too, and why I put my concerns a bit more dramatic-naive.
Short:
It makes no sense to just produce newer versions in shorter times,
just to produce newer versions in shorter times.
If - and that's how I want to understand Colin Percival - the goal is
'just' to reorganize the resources,
so they are split less because of fewer versions to maintain,
for that having more resources to produce higher quality on the focused ones,
which also will deliver a more predictable, plannable release-schedule,
which may also decrease the time-span between releases,
then I am 100% behind that.
Long:
I fear there is lots of pressure coming from those 'bleeding-edge-surfers'. I don't know if there is actually a term for those who always must have the most recent version available, impatiently checking several times daily if there is something to update, and then immediately update it right away.
That has nothing to do with 'bug patches', or 'security'.
It's mostly simple frantic - in my opinion.
I am running 13.3, because besides 14.0 and 14.1, that is the RELEASE for production.
And I can tell you today when I will upgrade: Two to three weeks after the release of 13.4 (approx. October.)
To 13.4.
I am a simple only-user.
I am not doing any development on FreeBSD.
This is not some kind of experiment for me. This is my machine I do all my work on.
For that it has to work stable, reliably, and trustworthy, and nothing else.
So I am running RELEASE, only.
Why shall I struggle with some yet-not-finished, not ready to be released for production version yet?
Does this make me feel insecure about my system?
No.
I daresay 99% of safety issues come from having a bad password, running software you don't know its origin, don't check the sha256/512-checksums, click on dubious e-mail-attachments, stay on dubious websites with an outdated browser not wearing a condom, being too open/careless with permissions, having stuff installed you don't use/need thus increasing attack surface for no reason,
and of course naturally when there actually is a vulnerability detected, e.g. in ssh, openssl, pf, bash, or whatever, and this you don't update to the fixed version.
But not because I have gimp-2.10.38,1 installed instead of gimp-2.10.38,2.
And if it's fixed, it's fixed in all supported versions.
It doesn't matter if I run 13.3, or 14.1. As long as they are supported, the fixes are available.
I subscribed to the security-announcement mailing list; there are not that many things one needs to be really concerned about.
One may not fear not having the most recent version of every app immediately may be a wide open attack gate.
On the contrary, the gimp I knew from fifteen years ago looked exactly the same, and did exactly the same.
With one major difference: It never crashed.
Nowadays besides libreoffice gimp is the most unstable software I have installed, seems to work without a crash for more than a couple of hours by pure luck only.
And no patch/update/upgrade fixed that in the last five years.
Only the type of crashes changed.
I know libreoffice/gimp is not FreeBSD.
That was just an example.
A couple of years ago the one or the other new version of FreeBSD was delayed for a few months.
Explanation: "We're sorry, guys, but there are several issues we don't cope with yet."
To me it was very convincing to have chosen the right OS.
This actually produced my confidence, really increased my trust I have into FreeBSD.
Before that I used Windows, and Linux (mostly SuSE and Ubuntu).
Updates every day. Updates, Updates, Updates... "A new update is available. Do you..."
No! I do not want. But I have to, because your shit will not stop annoying me, until I did.
Always the fear: "Now which shit will not work properly anymore? What will now start to crash?"
I have barely seen any useful improvement, mostly changes of UI. Just to relearn things, again.
Never seen a single bug that bothered me get fixed, but other bugs came.
I do know that development is needed.
I do know patches fix bugs, as also (some) updates, and (some) upgrades may also bring improvement.
My point is:
Every engineer knows:
Any change is a potential risk for new bugs.
So updates do not always improve things only.
There always is a real risk to actually worsen things, especially when too many updates are released within too short time-spans.
We just saw the proof for that in large again with this CrowdStrike disaster,
that an update may even cause more damage than if it was prevented (maybe in this case even worse than a malware attack.) One might better have waited a couple of days before updating (And I bet there are companies that experienced exactly this.)
Take your time to do it right, and test things - then release!
Don't bother me with a new version of some lib with lots of dependencies every time some newbie on the project had corrected a typo within a comment.
And then the rest refuses to work, because all other depending Apps have to be updated, only now to use the new version number of the lib.
(True story. But don't ask me for details; too long ago.)
I once really did check it (Linux). Actually compared the new version of some lib with its former version.
The only difference I found was the version number, only. Nothing else changed.
But lots of crap refused to work suddenly because of this 'update'.
And I couldn't wait several days until everything else may also be updated, and may function again as I was used to. I had a deadline for delivering my finished work the very next day. And not the will to do what I formerly did in this situation several times before: Completely reinstall my whole system, again, except this time not doing the recent update.
Yes. This is bogus!
But what else to do? When you cannot remove the update again, neither can wait, nor rely on the needed updates being delivered in time to make the system work again, so you can finish your work on time.
I tried something. I simply edited that lib. Simply renamed the file, and tinkered with emacs, changed its version number to the former one.
Voilà, everything was working fine again.
I finished and delivered my work on time.
That counts for me.
Not having v0.3.4.5.4b_3.0.0.1,0.a,0.1 instead of v0.3.4.5.4b_3.0.0.1,0.a,0
This update-madness not only pisses me off.
Way worse it lowers my trust into the according system.
Massively, deeply, and lasting.
That's why I put my fear in such post like this one, again.
"... not again!! No! Please, no!! Guys, calm down!"
I don't want the newest.
I want reliability, and stability.
And I guess especially producers of embedded systems see it similar.
I upgrade/update/patch when it's needed to do so, not because of there is a new version available.
That's what I appreciate of FreeBSD.
By now updates came reasonably.
And that there also is at least the possibility to remove possible 'bad' updates, even to downgrade, again.
Falling back to the former state, which at least worked stable and reliably, is a major, crucial point to guarantee work can be done with it.
Only going forward, only, and if there was a bug in the update you have to wait for the next update, that may come, one doesn't know when, doesn't know if the bug will even be fixed, or if even new ones are delivered...just wait - that's crap!
And just because Windows (I do know that in newer versions there is a chance to remove some updates again [just to prevent corrections from bean-counters]) and (most) Linux, doesn't mean this is the reference to be done so everywhere.
FreeBSD in some things lags behind Linux' bleeding edge. For me not in things I miss or care. Of course, personal taste, absolutely.
But for that I have (most of the time) a consistent, reliably working system I have trust and confidence in.
Way - way - more than into Linux, or Windows.
And I simply do not want that to change.
My fears come up again every time when I read here:
"Where is the new version! Guys, you promised yesterday! You are one day behind schedule!! Release!!! Faster!!!!
I already installed 15...when 16 is released?!...17, 18,... faster! faster!!"
Why? For what?!
Guys! Relax!
Where does this stress come from?
What do you need some not-yet-finished prototype, so unreliable, unstable for?
I cannot imagine you are all developing on it.
And I think developers know how the situation is.
But if nobody of the senior-ones here, the established, the mature ones, the experienced, the real engineers - and there are lots of those here - relativizes things, calms things down, I feel the impatient ones might win some day if nobody says something about it.
So I feel the urge to post, that there may also be another side, another perspective.
Maybe I'm mistaken, but I feel I'm not the only one.
I am not the guy who sleeps on the sidewalk just to be one of the very first ones getting the most recent toy.
I am an engineer with real experience in real industry's product development.
And others here may certify it even more:
Never buy a product, that's just released.
Wait at least until the worst flaws, and bugs are being corrected (if.)
Doesn't matter if it's automotive, electronics, household equipment,..., or software.
Keeping time schedules is way more important than to produce quality - at least in consumer's.
Because there are enough monkeys grabbing greedily for any new crap without concerns.
But real engineers want to have and want to do things properly, and right.
I hope, wish, and still believe, here they are in the majority.