Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c

[David Holland <dholland-current%netbsd.org@localhost>]

On Wed, Aug 24, 2011 at 07:31:14PM +0200, Jimmy Johansson wrote:
 > > I've been running various versions of -current for years.  It is
 > > almost always stable, almost always builds.  That said, I only
 > > upgrade when there is a pressing reason.  And pressing reasons only
 > > come along every six months or so.

As have I, including on production machines, and I've had less trouble
with it than "stable" of most other platforms. This is why I hang
around here and not elsewhere. :-)

 > I would have thought that it would be the other way around, if you
 > drift to far from HEAD you have a nightmare to upgrade? Before I even
 > knew that NetBSD existed I ran Debian unstable around Debian 2.x
 > something and I kind of base my understanding of running bleeding edge
 > from that. If you let a Debian unstable installation drift to far it is
 > kind of hell to upgrade.

We, thankfully, aren't Debian. One of the other things you'll find
different is there's no need to reinstall periodically. I kept the
same installation on my desktop in my office for nearly ten years
(across multiple hardware migrations), from 1.5M (?) to I think
5.99.31, which was at that point itself some months out of date.

For much of that time I wasn't even reading current-users, not that I
really recommend that.

 > One question though, how do you know that there is pressing reasons to
 > upgrade, do you refere to changes made to the code base or do you refere
 > to problems with your own hardware?

I update every once in a while, occasionally because a bug I've run
into has been fixed, or because of a security advisory, but more often
just when a good opportunity arises, e.g. a power failure has already
wiped out my desktop, or I need to shut down anyway to deploy new
hardware.

There's some risk of getting a bad -current if you update blindly, but
it's fairly rare.

-- 
David A. Holland
dholland%netbsd.org@localhost