From owner-freebsd-questions@FreeBSD.ORG Sun Jun 3 07:20:28 2007
Date: Sun, 3 Jun 2007 01:20:25 -0600
From: Chad Perrin
To: freebsd-questions@freebsd.org
Message-ID: <20070603072025.GA63806@demeter.hydra>
In-Reply-To: <46625C7A.2060604@otenet.gr>
Subject: Re: BSD derivatives

On Sun, Jun 03, 2007 at 09:15:22AM +0300, Manolis Kiagias wrote:
> Chad Perrin wrote:
> > I'm not saying that's what the OpenBSD project does. I'm just saying
> > that, for instance, the availability of the ath driver contradicts a
> > claim that security is a top priority of the FreeBSD project. Only if
> > it was installed and operational by default would that really be the
> > case.
> >
> > Obviously, I'm assuming it's not installed by default. From what I've
> > read so far, it's not -- please correct me if I'm wrong.
> >
> >
> Actually to set the record straight, the ath driver is installed by
> default in 6.2 RELEASE.
> Installed by default meaning the card is recognized during FreeBSD setup
> and the user is able to configure it immediately from sysinstall.
> The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
> although it had to be manually activated as a kernel module and it was
> not immediately obvious it was supported since it was not present in
> sysinstall during setup.

That still sounds like it's not "installed by default" in the sense that
I meant it. By "installed by default", I mean you install the system
and, without even knowing it (or making a decision), you discover you
have a closed-source driver in your system.

> Although the whole security issue is of course highly debatable, don't
> forget how much more secure FreeBSD (or other open source OSes) are
> compared to proprietary systems. I've been (and still am) a competent
> Windows 200X server admin for years and have seen oh so many holes. Mind
> you, most of them actually get exploited. It is nowhere near this in
> FreeBSD.

One of the keys for this is the fact that they're open source software,
of course. To the extent that something like the ath driver is part of
your system whether you want it or not, that additional security benefit
is reduced. I'm just trying to differentiate between closed source
software that affects system security and closed source software that
doesn't -- because anything that isn't actually running doesn't affect
security (all else being equal).

--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Leon Festinger: "A man with a conviction is a hard man to change. Tell
him you disagree and he turns away. Show him facts and figures and he
questions your sources. Appeal to logic and he fails to see your point."