OpenBSD

workaccount · 02-05-2007 3:06pm #1

Ive just been reading there on slashdot that the new 4.1 has been released.
It says in the editorial "We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

http://slashdot.org/

So how do they pull it off then. I thought holes were unavoidable to a certain extent.

nuada · 02-05-2007 3:13pm

From slashdot: "openBSD doesn't use the linux/windows "security" paradigm of "write software quickly, find security bugs, fix them ASAP". Their strategy is instead to be secure out of the box, at the price of a slower pace of development and less features."

Cake Fiend · 02-05-2007 4:58pm

workaccount wrote:

I thought holes were unavoidable to a certain extent.

They are - OpenBSD has had two.

aidan_walsh · 02-05-2007 5:02pm

Their list of advisories is still lengthy enough.

Blowfish · 02-05-2007 5:23pm

workaccount wrote:

Ive just been reading there on slashdot that the new 4.1 has been released.
It says in the editorial "We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

http://slashdot.org/

So how do they pull it off then. I thought holes were unavoidable to a certain extent.

You have to remember that thats for the default install, which is very restrictive anyway. Once you start opening up ports and running more services that number increases.

Martyr · 02-05-2007 5:26pm

"We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

how many services actually ran in the default install ? :PPPPP

nuada · 03-05-2007 10:21am

As far as I remember only ssh and a local smtp server are running by default.

OpenBSD

Comments