|
Replies:
13
-
Last Post:
Oct 18, 2009 9:31 AM
by: jurikm
|
|
|
Posts:
129
From:
RU
Registered:
3/17/08
|
|
|
|
OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 2:18 AM
To: OpenSolaris » discuss
Cc: Communities » security » discuss
|
|
I've recently found out that for OpenSolaris releases security updates are not free... It's quite confusing: end users receive either unstable (dev) or unsecure (release) system :) Does somebody know if there are any plans to make OpenSolaris security updates free? I am thinking about CentOS/OpenSolaris-release for several of our production servers (now they are running SXCE b97)... I'd better make them on FreeBSD, but SRSS doesn't like it... :)
|
|
|
Posts:
221
From:
RS
Registered:
11/13/08
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 2:32 AM
in response to: leoric
|
|
Maybe you could try to deploy Solaris 10, with all updates. OpenSolaris is a new project. You could look at OpenSolaris as Ubuntu. They have once in three years LTS (long term support) which is similar to Solaris 10 and future Solaris 11 releases. Other releases are stable releases intended for 'non mission critical' applications. Bi-weekly builds are pure development versions which you could not rely on anyway.
If the OpenSolaris Community just publishes some cutting-edge technology, it doesn't mean that it is stable, secure and mature at the same time.
Uros
------------------------------------ ----------- "Every kind of peaceful cooperation among men is primarily based on mutual trust and only secondarily on institutions such as courts of justice and police."
- Albert Einstein (1879 - 1955)
|
|
|
|
Posts:
129
From:
RU
Registered:
3/17/08
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 3:00 AM
in response to: urosn
To: OpenSolaris » discuss
|
|
> Maybe you could try to deploy Solaris 10, with all
> updates.
1) Our applications are not so critical to pay for Sun Support, and Solaris patches are available only by non-free subscription.
2) Solaris package system is quite ugly (in my opinion).
> OpenSolaris is new project. You could
> look at OpenSolaris as Ubuntu. They have
> once in three years LTS (long term support)
> which is similar to Solaris 10 and future Solaris
> 11 releases. Other releases are stable
> releases intended for 'non mission
> critical' applications'.
Yes, but my home Ubuntu is updated several times per month. It is not LTS, it's only 09.04 jaunty version. Why can't OpenSolaris 09.06, e.g., be updated in such a way (security fixes + minor application versions)? As I see on my test OpenSolaris 09.06 installation (updated recently with pkg image-update), it has firefox 3.1b3.... Why can't a stable version of firefox be shipped with it? And such is the situation with other security fixes and new apps. They come to /dev, but are never backported to /release.
P.S. I know about OpenSolaris Subscription, but it is strange to buy support for updates of a free system, especially when I can install some other free system with regular security updates (Debian, Ubuntu, CentOS or something else...). And why should I pay for consulting, if I need only to receive some software fixes regularly?
|
|
|
|
Posts:
221
From:
RS
Registered:
11/13/08
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 3:15 AM
in response to: leoric
|
|
I agree with you, but the only thing I can say is that the OpenSolaris project is just 4 years old and we have had releases since 2008, so everything is under heavy development. Also, keep in mind that SUN has been bought by Oracle and the company itself is currently in the process of this acquisition, so your ideas will be on the desk at some point of time next year.
Of course if you would like to make some contribution to code, or write your ideas in one document, you are more than welcome to do so - just find proper community/project inside os.o and send them. They will hear it for sure and you will be informed more when you could expect those features integrated in OpenSolaris.
We need more active users like you.
Uros
|
|
|
|
Posts:
276
From:
Registered:
2/24/07
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 4:11 AM
in response to: urosn
To: OpenSolaris » discuss
|
|
SXCE has had a long-time bug or something with its registration wizard. Will the new Sun/Oracle wiz registry fix that?
|
|
|
|
Posts:
133
From:
PL
Registered:
3/12/09
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 6:14 AM
in response to: leoric
To: OpenSolaris » discuss
|
|
> ... Solaris patches are available only by non-free subscription.
You are wrong. Solaris security patches are free, you just need to create an account on sunsolve.sun.com
|
|
|
|
Posts:
220
From:
CZ
Registered:
4/15/09
|
|
|
|
Re: OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 6:55 AM
in response to: leoric
To: OpenSolaris » discuss
|
|
Don't think about it as Linux. It has more in common with BSD systems. Like OpenBSD. You have release, you can have stable with security updates but only for base system (sunsolve.sun.com). If you want updates for packages too then you must use current (dev). Which is not a problem. It's a problem when you must use another OS because OpenBSD is in current versions way ahead in stability than any other OS in its stable version.
|
|
|
|
Posts:
129
From:
RU
Registered:
3/17/08
|
|
|
|
Re: OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 10:11 AM
in response to: bodie
To: OpenSolaris » discuss
|
|
> Don't think about it as Linux. It has more with BSD systems. Like OpenBSD. You have release, you can have stable with security updates but only for base system (sunsolve.sun.com). If you want updates for packages too then you must use current(dev). Which is not problem. It's problem when you must use another OS because OpenBSD is in current versions way ahead in stability then any other OS in its stable version.
In BSD it's easier (at least in FreeBSD). Base system is updated quite regularly (e.g. after 7.1-RELEASE we had 7.1-RELEASE-p1, 7.1-RELEASE-p2 and so on...). And ports are updated separately and quite often... What is important, in FreeBSD we have at least two branches (current, stable and legacy). There is much more freedom: I may update to latest patch level, update to next release or checkout current and get all cool features and new bugs :) And here I don't see RELEASE branch (patchsets and upstream), only stale releases or permanent CURRENT.
|
|
|
|
Posts:
164
From:
Zurich, Switzerland
Registered:
6/17/05
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 17, 2009 10:25 AM
in response to: leoric
|
|
Alexander wrote:
> In BSD it's easier (at least in FreeBSD). Base system is updated quite regularly (e.g. after 7.1-RELEASE we had 7.1-RELEASE-p1, 7.1-RELEASE-p2 and so on...). And ports are updated separately and quite often... What is important, in FreeBSD we have at least two branches (current, stable and legacy). There are much more freedom: I may update to latest patch level, update to next release or to checkout current and get all cool features and new bugs :) And here I don't see RELEASE branch (patchsets and upstream), only stale releases or permanent CURRENT.
IMHO, what is needed is a subscription below the Basic Support.
Just the package updates, as we can get support etc. here from the community.
I would assume for approx. 20$/year, a lot of enthusiasts would pay for it (I certainly would), while $324 is just too much.
|
|
|
|
Che Kristo
che@opensolaris.org
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 18, 2009 3:07 AM
in response to: burana
|
|
Totally agree with this...forking out 324 USD a year for each of my systems (laptop + workstation) per year is just too much. A basic support option just for security fixes etc at a reasonable price would fill that hole well. Call me cynical but Sun will probably ignore this and keep on ignoring the fact that not everyone is an "enterprise" grade user.
|
|
|
|
Posts:
164
From:
Zurich, Switzerland
Registered:
6/17/05
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 18, 2009 4:09 AM
in response to: Che Kristo
|
|
Che Kristo wrote:
> Totally agree with this...forking out 324 USD a year for each of my systems (laptop + workstation) per year is just too much. A basic support option just for security fixes etc at a reasonable price would fill that hole well. Call me cynical but Sun will probably ignore this and keep on ignoring the fact that not everyone is and "enterprise" grade user.
Maybe we just have to push them :-)
Here's a poll I've set up: http://www.doodle.com/3ev8fvdxn7yghr84
I'm targeting private, non-corporate users with this poll, who just want security patches/bug fixes.
Personally, I'm fine paying a small fee. But hey, USD 324 is too much, I have a family to feed :-)
Maybe Sun starts to smell the money, if we get lots of participants in this poll who want to spend some cash... ;-)
Cheers
Mika
|
|
|
|
Che Kristo
che@opensolaris.org
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 18, 2009 5:56 AM
in response to: burana
|
|
I've signed for both my laptop and desktop and put a pointer to the poll on my blog too, let's hope the right people pay attention...
Che
|
|
|
|
Posts:
221
From:
RS
Registered:
11/13/08
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 18, 2009 6:07 AM
in response to: Che Kristo
|
|
I also voted, but I think that SUN is now solving a lot of harder problems like the integration process and the global future roadmap. Things like support for 'home users' and 'small enterprises' are not such important tasks at the moment.
But we also have to know that OpenSolaris has been opened to target 'home users', so we should expect that some offers from SUN target us, at some point in future :).
Uros
|
|
|
|
Posts:
581
From:
CZ
Registered:
3/21/06
|
|
|
|
Re: [osol-discuss] OpenSolaris: insecure or unstable ?
Posted:
Oct 18, 2009 9:31 AM
in response to: burana
|
|
Hi,
Mika Borner wrote on Sun, 18 Oct 2009 at 13:09 +0200:
> Che Kristo wrote:
> > Totally agree with this...forking out 324 USD a year for each of my systems (laptop + workstation) per year is just too much. A basic support option just for security fixes etc at a reasonable price would fill that hole well. Call me cynical but Sun will probably ignore this and keep on ignoring the fact that not everyone is and "enterprise" grade user.
> Maybe we just have to push them :-)
> Here's a poll I've set up: http://www.doodle.com/3ev8fvdxn7yghr84
> I'm targeting private, non-corporate users with this poll, who just want security patches/bug fixes.
> Personally, I'm fine paying a small fee. But hey, USD 324 is too much, I have a family to feed :-)
> Maybe Sun starts to smell the money, if we get lots of participants in this poll who want to spend some cash... ;-)
> Cheers
> Mika
Stupid question (and my personal opinion) - why could this not be provided by community members? With the build process more and more documented for all parts, community members can try to produce such backports based on source code commits to the devel branch. Yes, it would not be excellent but better than nothing.
Best regards,
Milan
|
|
|
|
|