One major difference that I found between Linux and FreeBSD || How frequently do you install updates ?

bsduck
I didn't know that I was supposed to use the ESR. I wrote zero coz during the 6 months that I used OpenBSD I ran pkg_add -uvi from day 1 to the last day. It's not only Firefox but I didn't receive a single update for all the other apps that I was using like Pidgin, VLC, mpv, KeePassXC, etc.

But the base received updates using the command syspatch.
When I was using OpenBSD, I did notice that in the name of security, they did insist on auditing third-party packages before allowing them into repos. And should those packages have updates - the updates get audited as well. That took up so much time and effort (There's a LOT of those desktop-oriented packages to go through, after all) that OpenBSD-cleared stuff was just WAY behind everything else. That made me think that maybe I should just use FreeBSD, and be sensible about my activities on the Internet. There's no such thing as "perfect security" or "useful and completely bug-free code". 😩
 
When I was using OpenBSD, I did notice that in the name of security, they did insist on auditing third-party packages before allowing them into repos. And should those packages have updates - the updates get audited as well.
I've been using OpenBSD since the 2.x days and so far as I know they've not audited third party code unless it's going into base.

The message has always been clear - core focus is security of the base install, and you're on your own with ported software but anything with a really bad security record won't be ported (e.g. some FTP servers or web admin control panels).

I use both OpenBSD and FreeBSD - both have strengths and weaknesses. As do Windows, Mac, Linux, etc. No silver bullet, no one tool for every job, etc.
 
SirDice
I am running 13.0-RELEASE-p7. I want to get email notification at least 15 days prior to the EOL of 13.0-RELEASE-p7. Is this possible ?

Edit: When 13.0-RELEASE-p7 reaches its EOL is it possible to do an "in place upgrade" ? Or should I download the new ISO and do a fresh install. During my many years of using Linux I have done only one in place upgrade of Ubuntu.
 
Can't tell yet. 13.0-RELEASE will be EoL three months after the release of 13.1-RELEASE. As that hasn't been released yet we can't tell you exactly when this will be. Assuming the schedule is correct does give you an educated guess, the schedule names 26 April 2022 as the release date. Which means the EoL of 13.0 is probably somewhere around 26 July 2022.


So, keep an eye on the release date of 13.1-RELEASE. Three months later 13.0-RELEASE will be EoL.
 
SirDice
Honestly speaking this is one thing that I don't like about FreeBSD. This "three months after the release of 13.1-RELEASE" is too confusing not only for newbies like me but experienced users like you.

Why do you think the FreeBSD team doesn't announce a date ? I am not expecting the day but we should get to know at least the year and month.

For example the LTS releases of Ubuntu are supported for 5 years so 20.04 will be supported until April 2025.

eternal_noob
26 July 2022 is too early. I just installed. Most Linux distro forums discourage users to do an in place upgrade coz in most cases it introduces instabilities of various kinds. What's the situation with FreeBSD ? Can I do an in place upgrade to preserve my system config and expect a smooth transition to the new release ?
 
FreeBSD doesn't have a simple LTS scheme but instead releases from STABLE branches, which are supported for a long time. As they never introduce breaking changes, upgrading from one minor release to the next is pain- and riskless.

So, instead of complaining, better try to first understand how the scheme works.
 
For example the LTS releases of Ubuntu are supported for 5 years so 20.04 will be supported until April 2025.

It's simple really. A major version is supported for at least 5 years. But only the latest minor version of a major branch is supported. The expected EoL of the entire 13 major branch is January 31, 2026.

Can I do an in place upgrade to preserve my system config and expect a smooth transition to the new release ?
Yes. I have systems that have been progressively upgraded from 9.0-RELEASE (when I first installed them, many years ago) all the way to 12.3-RELEASE, which is what they're running now.
 
Zirias
There is no "LTS", and there's no need for one because every major release is supported for a long term (AFAIK 5 years). This still means you must follow the minor releases (12.0 → 12.1 → 12.2 → [...]). Each minor release will reach EOL 3 months after the successor is released. BUT: Minor releases use the same ABI, so upgrades are pain- and riskless.
Understood.
Q) How can I know that my installed version is no longer supported and that it's time for upgrading ?
Will freebsd-update fetch install and pkg update/upgrade fail ?
 
Will freebsd-update fetch install
It will tell you there are no patches to download and tell you you have an unsupported version.

and pkg update/upgrade fail ?
pkg(8) may complain about mismatched kernel version, and the installed packages could fail because they've been built for a newer version than you currently have. That's assuming you are using the official FreeBSD repositories. If you build your own repository you could build specifically for your EoL version, but you may run into various other issues.
 
It will tell you there are no patches to download and tell you you have an unsupported version.


pkg(8) may complain about mismatched kernel version, and the installed packages could fail because they've been built for a newer version than you currently have. That's assuming you are using the official FreeBSD repositories. If you build your own repository you could build specifically for your EoL version, but you may run into various other issues.
This is why I stick to ports, rather than packages. FWIW, I like 13.0-RELEASE, it took to my hardware like a champ. 😤
 
eternal_noob SirDice
I just received this email so I don't have to rely on the output of freebsd-update fetch install when my install reaches EOL. This mailing list thing is really useful.

 
Sign up for the freebsd-announce mailing list. …

This should be an essential for anyone who uses, or takes an interest in, FreeBSD.

(I'm surprised that it's not a rule; there's general advice about lists, but nothing to steer a person towards essential announcements.)

… this email …

<https://lists.freebsd.org/archives/freebsd-announce/2022-March/000018.html>



Announcement-related lists
  1. freebsd-announce <https://lists.freebsd.org/subscription/freebsd-announce>
  2. freebsd-ops-announce <https://lists.freebsd.org/subscription/freebsd-ops-announce>
  3. freebsd-ports-announce <https://lists.freebsd.org/subscription/freebsd-ports-announce>
  4. freebsd-snapshots <https://lists.freebsd.org/subscription/freebsd-snapshots>

More

ctm-announce exists, but the last announcement was more than five years ago.

Ports and Packages for Supported Releases | The FreeBSD Project

⚙ D34402 Website: Ports and Packages for Supported Releases Update
 
grahamperrin
I want to get notified about two things. (a) When to run freebsd-update fetch install and (b) when to upgrade to a new point release. I can understand that it's not possible to notify user about when to run pkg upgrade coz that depends on the specific packages installed which differs from user to user.
 
I can understand that it's not possible to notify user about when to run pkg upgrade coz that depends on the specific packages installed which differs from user to user.
periodic(8) is enabled by default. It will do a daily, weekly and monthly scan. The daily security run includes running pkg-audit(8). I highly recommend configuring your systems to send the periodic emails to a centralized mailbox.

The security run will, for example, contain:
Code:
Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 28 03:21:51 CET 2022
db5-5.3.28_8: Tag: expiration_date Value: 2022-06-30
db5-5.3.28_8: Tag: deprecated Value: EOLd, potential security issues, maybe use db18 instead

So you're notified if something important comes up.
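
One way to act on the security-run mail shown above, as an added example that is not part of the original post: it reads the quoted `Tag:` lines and lists packages whose `expiration_date` falls inside a warning window. The function names, the `|`-separated output and the dates passed in are assumptions made for illustration; the sample input is the output quoted in the post.

```sh
#!/bin/sh
# Constructed sample: the security-run lines quoted in the post above.
sample_report() {
    cat <<'EOF'
Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 28 03:21:51 CET 2022
db5-5.3.28_8: Tag: expiration_date Value: 2022-06-30
db5-5.3.28_8: Tag: deprecated Value: EOLd, potential security issues, maybe use db18 instead
EOF
}

# expiring_packages TODAY WINDOW_DAYS   (hypothetical helper; report on stdin)
# Prints "package|expiration_date|days_left|reason" for every package whose
# expiration_date is at most WINDOW_DAYS after TODAY (YYYY-MM-DD), including
# dates already in the past (negative days_left).
expiring_packages() {
    awk -v today="$1" -v window="$2" '
    # Day number of a YYYY-MM-DD date, so two dates can be subtracted.
    function days(d,    a, y, m) {
        split(d, a, "-"); y = a[1] + 0; m = a[2] + 0
        if (m <= 2) { y--; m += 12 }
        return 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3)+2)/5) + a[3]
    }
    /: Tag: .* Value: / {
        pkg = $0; sub(/: Tag: .*/, "", pkg)
        tag = $0; sub(/^.*: Tag: /, "", tag); sub(/ Value: .*/, "", tag)
        val = $0; sub(/^.* Value: /, "", val)
        if (tag == "expiration_date" &&
            val ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/)
            expiry[pkg] = val
        else if (tag == "deprecated")
            reason[pkg] = val
    }
    END {
        for (p in expiry) {
            left = days(expiry[p]) - days(today)
            if (left <= window)
                printf "%s|%s|%d|%s\n", p, expiry[p], left,
                       ((p in reason) ? reason[p] : "-")
        }
    }' | sort
}

# Example run: 15-day warning window, evaluated as of 2022-06-20.
sample_report | expiring_packages 2022-06-20 15
```
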
 
I highly recommend configuring your systems to drop their mail to a centralized mailbox.
This I have never done before so I will search for a tutorial online but one thing I want to ask.
Q) Isn't running pkg update / package upgrade ultimately the same thing instead of checking a local mail ? I mean this mail needs to be checked using CLI right ? So instead of checking a mail if I run pkg update & pkg upgrade on a regular basis I am doing the same thing.
 
I mean this mail needs to be checked using CLI right ?
My servers all mail to a central mailbox, and I read that with a webmail client or Thunderbird. But if you want to keep it locally, yes.

So instead of checking a mail if I run pkg update & pkg upgrade on a regular basis I am doing the same thing.
Sure. But that just updates everything. You should also regularly check pkg-audit(8). Sometimes security issues are reported but the port/package hasn't been updated yet. It's good to know where any potential issues might be hiding, you might be able to mitigate them without updating/patching. I solved the issue from the example I posted by simply eliminating that db5 dependency (I didn't need it anyway).
 
Sure. But that just updates everything. You should also regularly check pkg-audit(8). Sometimes security issues are reported but the port/package hasn't been updated yet. It's good to know where any potential issues might be hiding, you might be able to mitigate them without updating/patching. I solved the issue from the example I posted by simply eliminating that db5 dependency (I didn't need it anyway).
So you choose not to install all the updates offered ? You pick particular packages and leave the rest ? Is there a reason for that ? Like avoiding breakage ? In the short period that I have FreeBSD I have updated everything but nothing broke.

Now suppose after running pkg-audit I find a vulnerable package say Thunderbird and there is no update available. What do I do then ? I can't uninstall Thunderbird. I need it.
 
I find a vulnerable package say Thunderbird and there is no update available. What do I do then ? I can't uninstall Thunderbird. I need it.
Knowing there's a vulnerability is half of the battle. Like I said, sometimes you can take mitigating steps to prevent that bug from becoming a problem. And in other cases the best course of action is to stop using it until it gets fixed.
 