
Keeping software up-to-date on FreeBSD sucks. That's my one and only complaint. If that got comparably easier, I'd be switching from Ubuntu/Debian on servers back to FreeBSD.

I still run FreeBSD 8.4 on one production system, and recently decommissioned a FreeBSD 5 box that had been happily humming away in a colo for 10 years. I learned FreeBSD before Linux and prefer almost everything else about it...except that part about updating software.

If you take security seriously, you apply security updates in a timely fashion. For a while I was diligent about it on my FreeBSD boxes, monitored vuxml, and updated vulnerable packages regularly with this:

    portaudit -a |
    sed -ne 's/^Affected package: //p' |
    sort -u |
    xargs portupgrade -P -rv

When things go well, and binary packages exist for everything, this is almost as good as `unattended-upgrades` on Debian. But things don't usually go so well. Building packages from source occasionally doesn't bother me. Random breakages in ports and their dependencies bothered me a lot, and became the rule rather than the exception.

Near as I can tell Ubuntu/Debian wins here because it freezes packages alongside the OS release, except for backported security patches if you're on LTS. FreeBSD has only one ports tree. It's in constant flux, and (in my experience) is constantly broken. Why can't ports be branched off alongside the OS release and receive security backports? Maybe FreeBSD doesn't have the manpower to do this, maybe it's cultural, I'm not really sure. What I can say is it's relatively easy to check out, tweak, build and install ports on a case-by-case basis if for some reason you need the latest and greatest of something. I don't see the value in constantly having the latest and greatest of everything though, and it even seems a little antithetical to FreeBSD to me.

Anyway, so port upgrades suck, but base upgrades also suck. Doing an `apt-get dist-upgrade` to go from Ubuntu 12.04 to 14.04 "just worked." Rebuilding world to upgrade from FreeBSD 7.x to 8.x worked, but just barely, and the whole process scared the shit out of me. Random incompatibilities continued to crop up for some time after.

I think this one comes down to the integrated base userland + kernel in FreeBSD versus the "everything's a package" approach in Ubuntu/Debian. Kernel upgrades are much more common on Linux. Not that this is an objectively good thing, but rare events don't tend to get tested and optimized like routine ones do.

Note: if you're a diehard FreeBSD user and you've figured out how to keep your system up-to-date with minimum fuss, please school me.




It's a lot easier these days with the new pkg tools.


I've used the new pkg tools a little. Can you be more specific? Can they be used to reliably apply unattended security updates now?


These days people use freebsd-update to do this. http://serverfault.com/a/738217/41952

Accompanied with ZFS boot environments there's literally minimal fuss about upgrading and worrying about possible breakages.


Thanks, I hadn't seen `freebsd-update install --not-running-from-cron`. I'll give that a try.



