Perpetually Current

classic Classic list List threaded Threaded
23 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Perpetually Current

new_guy
I would like to install OpenBSD *once* and keep it patched and secured for many years there after (5 - 7 years) in a production environment. Would it be feasible to get a snapshot today and follow -current for many years w/o having to reinstall? Basically, this approach would skip -stable and -release and always be -current. I understand the implications of being current and that things might change and break and may need re-configuring on occasion. I'm OK with that... I just don't want to reinstall a -release every year... although I'll still buy CDs as they are released to support the project.

Thanks,
Brad
Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Nick Guenther
On 12/27/07, new_guy <[hidden email]> wrote:
> I would like to install OpenBSD *once* and keep it patched and secured for
> many years there after (5 - 7 years) in a production environment. Would it
> be feasible to get a snapshot today and follow -current for many years w/o
> having to reinstall? Basically, this approach would skip -stable and
> -release and always be -current. I understand the implications of being
> current and that things might change and break and may need re-configuring
> on occasion. I'm OK with that... I just don't want to reinstall a -release
> every year... although I'll still buy CDs as they are released to support
> the project.

What you probably want is to go the upgrade-every-6-months route.

-Nick

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

STeve Andre'
In reply to this post by new_guy
On Thursday 27 December 2007 09:17:37 new_guy wrote:

> I would like to install OpenBSD *once* and keep it patched and secured for
> many years there after (5 - 7 years) in a production environment. Would it
> be feasible to get a snapshot today and follow -current for many years w/o
> having to reinstall? Basically, this approach would skip -stable and
> -release and always be -current. I understand the implications of being
> current and that things might change and break and may need re-configuring
> on occasion. I'm OK with that... I just don't want to reinstall a -release
> every year... although I'll still buy CDs as they are released to support
> the project.
>
> Thanks,
> Brad

There are two problems with what you are talking about.  The first is
that by its vary nature -current is a moving target, and there could be
a time when upgrading to the latest -current for a security fix might
introduce some new feature which you don't want.  In other words, you
can't just apply patches to -current, you need to move to the lastest
code.

The second problem are flag days, when something has changed such
that you almost certainly want to reinstall the OS.  The move from
a.out to ELF binary format is a good example of that.

You should always have a fall back procedure in place too,  but thats
always the case.

--STeve Andre'

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Henning Brauer
* STeve Andre' <[hidden email]> [2007-12-27 15:43]:

> On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > I would like to install OpenBSD *once* and keep it patched and secured for
> > many years there after (5 - 7 years) in a production environment. Would it
> > be feasible to get a snapshot today and follow -current for many years w/o
> > having to reinstall? Basically, this approach would skip -stable and
> > -release and always be -current. I understand the implications of being
> > current and that things might change and break and may need re-configuring
> > on occasion. I'm OK with that... I just don't want to reinstall a -release
> > every year... although I'll still buy CDs as they are released to support
> > the project.

that will work fine as long as you keep an eye on current.html and
maybe source-changes, it is what many of us do.

> There are two problems with what you are talking about.  The first is
> that by its vary nature -current is a moving target, and there could be
> a time when upgrading to the latest -current for a security fix might
> introduce some new feature which you don't want.

why wouldn't you want a new feature?
we're being extremely careful to not break existing behaviour wherever
possible. of course, that is not always possible, but exceptions are
rare and well documented.

> The second problem are flag days, when something has changed such
> that you almost certainly want to reinstall the OS.  The move from
> a.out to ELF binary format is a good example of that.

ah yeah, and that happens every second week.
reality check: how often does that happen really?
the last "real" flag day on i386 was the a.out -> ELF move.
When was that? 3.3 I think. almost 5 years ago.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Darrin Chandler
On Thu, Dec 27, 2007 at 04:07:00PM +0100, Henning Brauer wrote:
> > The second problem are flag days, when something has changed such
> > that you almost certainly want to reinstall the OS.  The move from
> > a.out to ELF binary format is a good example of that.
>
> ah yeah, and that happens every second week.
> reality check: how often does that happen really?
> the last "real" flag day on i386 was the a.out -> ELF move.
> When was that? 3.3 I think. almost 5 years ago.

I think the OP may have wanted something automated/scripted. While
"true" flag days are rare, -current often has some steps to perform as
listed on current.html. Since I've been following -current those steps
have been simple and easy to perform, but -current isn't something you
should do unattended from a cron job.

--
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
[hidden email]   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

STeve Andre'
In reply to this post by Henning Brauer
On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:

> * STeve Andre' <[hidden email]> [2007-12-27 15:43]:
> > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > I would like to install OpenBSD *once* and keep it patched and secured
> > > for many years there after (5 - 7 years) in a production environment.
> > > Would it be feasible to get a snapshot today and follow -current for
> > > many years w/o having to reinstall? Basically, this approach would skip
> > > -stable and -release and always be -current. I understand the
> > > implications of being current and that things might change and break
> > > and may need re-configuring on occasion. I'm OK with that... I just
> > > don't want to reinstall a -release every year... although I'll still
> > > buy CDs as they are released to support the project.
>
> that will work fine as long as you keep an eye on current.html and
> maybe source-changes, it is what many of us do.
>
> > There are two problems with what you are talking about.  The first is
> > that by its vary nature -current is a moving target, and there could be
> > a time when upgrading to the latest -current for a security fix might
> > introduce some new feature which you don't want.
>
> why wouldn't you want a new feature?
> we're being extremely careful to not break existing behaviour wherever
> possible. of course, that is not always possible, but exceptions are
> rare and well documented.

I didn't express that well enough, I guess.  How about a change, such as
disks formerly showing up as wd but now sd?  By problem, I mean
something that has to be dealt with, not just insurmountable ones.

>
> > The second problem are flag days, when something has changed such
> > that you almost certainly want to reinstall the OS.  The move from
> > a.out to ELF binary format is a good example of that.
>
> ah yeah, and that happens every second week.
> reality check: how often does that happen really?
> the last "real" flag day on i386 was the a.out -> ELF move.
> When was that? 3.3 I think. almost 5 years ago.

Perhaps I'm wrong here, but I thought about every other release
there was a change that was a flag day.  I see that the upgrade
faq doesn't have a history so I'd have to dig for it.  Still, my point
was they do happen from time to time so the idea of living on
-current won't always work.

As I read his posting, new_guy is getting the concepts down.  Though
they are few, flag days still need to be understood.

--STeve Andre'

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Henning Brauer
* STeve Andre' <[hidden email]> [2007-12-27 16:42]:

> On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:
> > * STeve Andre' <[hidden email]> [2007-12-27 15:43]:
> > > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > > I would like to install OpenBSD *once* and keep it patched and secured
> > > > for many years there after (5 - 7 years) in a production environment.
> > > > Would it be feasible to get a snapshot today and follow -current for
> > > > many years w/o having to reinstall? Basically, this approach would skip
> > > > -stable and -release and always be -current. I understand the
> > > > implications of being current and that things might change and break
> > > > and may need re-configuring on occasion. I'm OK with that... I just
> > > > don't want to reinstall a -release every year... although I'll still
> > > > buy CDs as they are released to support the project.
> >
> > that will work fine as long as you keep an eye on current.html and
> > maybe source-changes, it is what many of us do.
> >
> > > There are two problems with what you are talking about.  The first is
> > > that by its vary nature -current is a moving target, and there could be
> > > a time when upgrading to the latest -current for a security fix might
> > > introduce some new feature which you don't want.
> >
> > why wouldn't you want a new feature?
> > we're being extremely careful to not break existing behaviour wherever
> > possible. of course, that is not always possible, but exceptions are
> > rare and well documented.
>
> I didn't express that well enough, I guess.  How about a change, such as
> disks formerly showing up as wd but now sd?  By problem, I mean
> something that has to be dealt with, not just insurmountable ones.

that is one of those rare changes, and it is well documented.

> > > The second problem are flag days, when something has changed such
> > > that you almost certainly want to reinstall the OS.  The move from
> > > a.out to ELF binary format is a good example of that.
> >
> > ah yeah, and that happens every second week.
> > reality check: how often does that happen really?
> > the last "real" flag day on i386 was the a.out -> ELF move.
> > When was that? 3.3 I think. almost 5 years ago.
>
> Perhaps I'm wrong here, but I thought about every other release
> there was a change that was a flag day.

nope.

we sometimes have mini-flagdays. they usually only affect people
building from source.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

STeve Andre'
On Thursday 27 December 2007 10:46:26 Henning Brauer wrote:

> * STeve Andre' <[hidden email]> [2007-12-27 16:42]:
> > On Thursday 27 December 2007 10:07:00 Henning Brauer wrote:
> > > * STeve Andre' <[hidden email]> [2007-12-27 15:43]:
> > > > On Thursday 27 December 2007 09:17:37 new_guy wrote:
> > > > > I would like to install OpenBSD *once* and keep it patched and
> > > > > secured for many years there after (5 - 7 years) in a production
> > > > > environment. Would it be feasible to get a snapshot today and
> > > > > follow -current for many years w/o having to reinstall? Basically,
> > > > > this approach would skip -stable and -release and always be
> > > > > -current. I understand the implications of being current and that
> > > > > things might change and break and may need re-configuring on
> > > > > occasion. I'm OK with that... I just don't want to reinstall a
> > > > > -release every year... although I'll still buy CDs as they are
> > > > > released to support the project.
> > >
> > > that will work fine as long as you keep an eye on current.html and
> > > maybe source-changes, it is what many of us do.
> > >
> > > > There are two problems with what you are talking about.  The first is
> > > > that by its vary nature -current is a moving target, and there could
> > > > be a time when upgrading to the latest -current for a security fix
> > > > might introduce some new feature which you don't want.
> > >
> > > why wouldn't you want a new feature?
> > > we're being extremely careful to not break existing behaviour wherever
> > > possible. of course, that is not always possible, but exceptions are
> > > rare and well documented.
> >
> > I didn't express that well enough, I guess.  How about a change, such as
> > disks formerly showing up as wd but now sd?  By problem, I mean
> > something that has to be dealt with, not just insurmountable ones.
>
> that is one of those rare changes, and it is well documented.
>
> > > > The second problem are flag days, when something has changed such
> > > > that you almost certainly want to reinstall the OS.  The move from
> > > > a.out to ELF binary format is a good example of that.
> > >
> > > ah yeah, and that happens every second week.
> > > reality check: how often does that happen really?
> > > the last "real" flag day on i386 was the a.out -> ELF move.
> > > When was that? 3.3 I think. almost 5 years ago.
> >
> > Perhaps I'm wrong here, but I thought about every other release
> > there was a change that was a flag day.
>
> nope.
>
> we sometimes have mini-flagdays. they usually only affect people
> building from source.

Thats my point: running -current means building from source and
thus being affected.

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Henning Brauer
* STeve Andre' <[hidden email]> [2007-12-27 17:31]:
> Thats my point: running -current means building from source and
> thus being affected.

huh?
not at all.
you use snapshots of course.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Jan Stary
In reply to this post by new_guy
On Dec 27 06:17:37, new_guy wrote:
> I would like to install OpenBSD *once* and keep it patched and secured
> for many years there after (5 - 7 years) in a production environment.

That's what upgrades are for.

> Would it be feasible to get a snapshot today and follow -current for
> many years w/o having to reinstall? Basically, this approach would
> skip -stable and > -release and always be -current.

You would just use the snaphots. Is that "reinstalling" for you?

> I understand the implications of being current and that things might
> change and break and may need re-configuring on occasion.

So why do you want to use it in production?

> I'm OK with that... I just don't want to reinstall a -release
> every year...

That's about one hour of work twice a year - what's wrong with that? Why
do you want to stay -current? What problem are you trying to solve, or
what are you trying to achieve by doing that?

        Jan

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Greg Thomas-3
In reply to this post by Henning Brauer
On Dec 27, 2007 8:35 AM, Henning Brauer <[hidden email]> wrote:
> * STeve Andre' <[hidden email]> [2007-12-27 17:31]:
> > Thats my point: running -current means building from source and
> > thus being affected.
>
> huh?
> not at all.
> you use snapshots of course.

STeve understands that but I don't think the original poster does.

Greg
--
Ticketmaster and Ticketweb suck, but everyone knows that:
http://ticketmastersucks.org
Obsession in the low desert:  http://lodesertprotosites.org
Dethink to survive - Mclusky

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Karsten McMinn
In reply to this post by Jan Stary
On Dec 27, 2007 10:47 AM, Jan Stary <[hidden email]> wrote:
>
> That's about one hour of work twice a year - what's wrong with that? Why
> do you want to stay -current? What problem are you trying to solve, or
> what are you trying to achieve by doing that?

obviously automation. regardless of personal administration ethics it
seems like a fair question.

Brad, you could crontab the cvs update on the local source tree, compile
and install kernels and userland out of crontab however often you want.
likewise if you wanted a binary route (snapshots).

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Joachim Schipper
On Thu, Dec 27, 2007 at 11:21:54AM -0800, Karsten McMinn wrote:

> On Dec 27, 2007 10:47 AM, Jan Stary <[hidden email]> wrote:
> > That's about one hour of work twice a year - what's wrong with that? Why
> > do you want to stay -current? What problem are you trying to solve, or
> > what are you trying to achieve by doing that?
>
> obviously automation. regardless of personal administration ethics it
> seems like a fair question.
>
> Brad, you could crontab the cvs update on the local source tree, compile
> and install kernels and userland out of crontab however often you want.
> likewise if you wanted a binary route (snapshots).

Yes, but in either case, you should very carefully check to see that
http://www.openbsd.org/faq/current.html has not changed first.
(Obviously, that's not the correct way to go about it, but it's
certainly the easiest.)

                Joachim

P.S. No, I am not dead. I hope to find some more time to read this list
Real Soon Now.

--
PotD: x11/ogle - DVD player

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Ingo Schwarze
In reply to this post by Karsten McMinn
Karsten McMinn wrote on Thu, Dec 27, 2007 at 11:21:54AM -0800:

> obviously automation. regardless of personal administration ethics
> it seems like a fair question.

If you understand the OP's question that way, you should also provide
the following answer to the OP:  There is no standard way for automated
upgrades on OpenBSD.  The standard upgrade procedure requires booting an
install system, usually from floppy, CD-ROM or bsd.rd, and rebooting once
more when the upgrade is done to get back to the production system.
I'm not aware of any sensible approach to automation of this standard
upgrade process.

> Brad, you could crontab the cvs update on the local source tree,

Combined with what follows, this is certainly bad advice.
HEAD is a moving target.  Sometimes, HEAD won't even compile
if you hit right in between two related commits.  So, installing
self-compiled HEAD stuff via cron on a production system is asking
for trouble.

When you simply want to run -current, snapshots are recommended.

> compile and install kernels

And reboot from cron after installing the kernel?
On a production system?
I would call that scary.

On the other hand, not rebooting after installing the new kernel
is even worse.  Some mini flag day might suffice to break part
of your userland.  That won't happen often, but on a production
system, you probably do not want to break things even once or
twice a year.  You know, *if* cron brings your server down, it
will very probably be right after the start of your long holiday.

> and userland out of crontab however often you want.

Upgrading userland from cron?
I wouldn't call that impossible, but...
Have a look at
  http://www.openbsd.org/faq/upgrade42.html

Specifically, you need the section entitled
  "Upgrading without install kernel"
starting with
  "This is NOT the recommended process.
   Use the install kernel method if at all possible!"

There are several steps to perform.
Some of them are not trivial, but they require thought.
There is no guarantee these steps are always the same:
Already the filename "upgrade42.html" is giving that away.
Almost certainly, some things will change during the five years to come.

So, scripting this is certainly possible, but it will be *much* more
fragile than upgrading manually, keeping the scripts up to date will
certainly be more work than doing manual upgrades twice a year,
und it is definitely not a job for newbies.

> likewise if you wanted a binary route (snapshots).

A bit better, but still:
 - Do you reboot from cron?
 - How will you make cron read, interpret and act according to
   http://www.openbsd.org/faq/current.html?
 - How will you make cron keep /etc in sync with the system?

Keeping a system up to date involves manual work,
either a little easy work for manual upgrades now and then,
or lots of hard and scary work for building and maintaining
an automatic system.  You choose according to your skill,
and according to your time budget...

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

ag@gmail
On Dec 28, 2007 4:07 AM, Ingo Schwarze <[hidden email]> wrote:
[...]
> Keeping a system up to date involves manual work,
> either a little easy work for manual upgrades now and then,
> or lots of hard and scary work for building and maintaining
> an automatic system.  You choose according to your skill,
> and according to your time budget...
[...]

The closest I have come to "automation" to stay -current is a small
shell script run through cron, which pulls current.html and diffs it
with a previous version. Any change, and it sends me an email so that
I know I have to go and look at current.html.

That's about it. As Ingo rightly mentions, full automation to stay
-current is a very scary thought!

-Amarendra

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Jason George
In reply to this post by new_guy
>I would like to install OpenBSD *once* and keep it patched and secured for
>many years there after (5 - 7 years) in a production environment. Would it
>be feasible to get a snapshot today and follow -current for many years w/o
>having to reinstall? Basically, this approach would skip -stable and
>-release and always be -current. I understand the implications of being
>current and that things might change and break and may need re-configuring
>on occasion. I'm OK with that... I just don't want to reinstall a -release
>every year... although I'll still buy CDs as they are released to support
>the project.


This is how a lot of issues get debugged... I've stumbled across a lot of
stuff by doing this.  

I pretty much only run some variation of -CURRENT on my prod boxes, but to be
fair, I don't have all my eggs in one basket, so I can handle some breakage
and downtime.

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Nenhum_de_Nos
In reply to this post by new_guy
On Dec 27, 2007 11:17 AM, new_guy <[hidden email]> wrote:
> I would like to install OpenBSD *once* and keep it patched and secured for
> many years there after (5 - 7 years) in a production environment. Would it
> be feasible to get a snapshot today and follow -current for many years w/o
> having to reinstall? Basically, this approach would skip -stable and
> -release and always be -current. I understand the implications of being
> current and that things might change and break and may need re-configuring
> on occasion. I'm OK with that... I just don't want to reinstall a -release
> every year... although I'll still buy CDs as they are released to support
> the project.

I have quite the same problem. my OBSD routers are usually old PII
boxes and doing this kind of upgrade on them is not trivial. other, I
have some remote routers I cant do this, so They run FBSD. I'd rather
use OBSD on my routers, but this thing of not been able to make 4.1
become 4.2 without a cdrom (as is recommended) makes me use OBSD only
in the closest routers. i'm not here to make comparissons from OSes,
or to make trouble. I just felt that would be good to say that if
anytime in OBSD this upgrade was possible it would be a great feature
(well, at least for me an the new_guy :) )

:)

matheus


--
We will call you cygnus,
The God of balance you shall be

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Darrin Chandler
On Wed, Jan 02, 2008 at 01:42:01PM -0300, Nenhum_de_Nos wrote:
> I have quite the same problem. my OBSD routers are usually old PII
> boxes and doing this kind of upgrade on them is not trivial. other, I
> have some remote routers I cant do this, so They run FBSD. I'd rather
> use OBSD on my routers, but this thing of not been able to make 4.1
> become 4.2 without a cdrom (as is recommended) makes me use OBSD only
> in the closest routers. i'm not here to make comparissons from OSes,
> or to make trouble. I just felt that would be good to say that if
> anytime in OBSD this upgrade was possible it would be a great feature
> (well, at least for me an the new_guy :) )

While it's "not recommended" the instructions for remote upgrading found
in the installation guide work flawlessly. I've used those instructions
on my colo boxes many times now. Nick doesn't just update them in the
FAQ, he tests them.

I will say this, though: read the instructions all the way through
before doing anything. Make sure you understand what's going on. Then
*follow* the instructions.

Remotely upgrading without console really does work, and it's pretty
quick. Try it some time on a machine you have physical access to, just
so you can run through it and see for yourself.

--
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
[hidden email]   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Henning Brauer
In reply to this post by Nenhum_de_Nos
* Nenhum_de_Nos <[hidden email]> [2008-01-02 17:49]:

> On Dec 27, 2007 11:17 AM, new_guy <[hidden email]> wrote:
> > I would like to install OpenBSD *once* and keep it patched and secured for
> > many years there after (5 - 7 years) in a production environment. Would it
> > be feasible to get a snapshot today and follow -current for many years w/o
> > having to reinstall? Basically, this approach would skip -stable and
> > -release and always be -current. I understand the implications of being
> > current and that things might change and break and may need re-configuring
> > on occasion. I'm OK with that... I just don't want to reinstall a -release
> > every year... although I'll still buy CDs as they are released to support
> > the project.
>
> I have quite the same problem. my OBSD routers are usually old PII
> boxes and doing this kind of upgrade on them is not trivial. other, I
> have some remote routers I cant do this, so They run FBSD. I'd rather
> use OBSD on my routers, but this thing of not been able to make 4.1
> become 4.2 without a cdrom (as is recommended) makes me use OBSD only
> in the closest routers. i'm not here to make comparissons from OSes,
> or to make trouble. I just felt that would be good to say that if
> anytime in OBSD this upgrade was possible it would be a great feature
> (well, at least for me an the new_guy :) )

inline updates (i. e. without boot media) work just fine. the risk is a
little higher, thus we don't recommend that method - which doesn't
prevent you from doing it that way (I do)

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Reply | Threaded
Open this post in threaded view
|

Re: Perpetually Current

Douglas A. Tutty
In reply to this post by Nenhum_de_Nos
On Wed, Jan 02, 2008 at 01:42:01PM -0300, Nenhum_de_Nos wrote:

> On Dec 27, 2007 11:17 AM, new_guy <[hidden email]> wrote:
> > I would like to install OpenBSD *once* and keep it patched and secured for
> > many years there after (5 - 7 years) in a production environment. Would it
> > be feasible to get a snapshot today and follow -current for many years w/o
> > having to reinstall? Basically, this approach would skip -stable and
> > -release and always be -current. I understand the implications of being
> > current and that things might change and break and may need re-configuring
> > on occasion. I'm OK with that... I just don't want to reinstall a -release
> > every year... although I'll still buy CDs as they are released to support
> > the project.
>
> I have quite the same problem. my OBSD routers are usually old PII
> boxes and doing this kind of upgrade on them is not trivial. other, I
> have some remote routers I cant do this, so They run FBSD. I'd rather
> use OBSD on my routers, but this thing of not been able to make 4.1
> become 4.2 without a cdrom (as is recommended) makes me use OBSD only
> in the closest routers. i'm not here to make comparissons from OSes,
> or to make trouble. I just felt that would be good to say that if
> anytime in OBSD this upgrade was possible it would be a great feature
> (well, at least for me an the new_guy :) )

There has to be a way without CD.  Can't you put the 4.2 rd kernel on
the root filesystem and boot that then run the installer, pulling the
install sets via ftp?  I suppose for remote units you need some sort of
remote shell (e.g. serial terminal via modem).

Doug.

12