Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Sep 2000 07:28:57 -0400
From:      Garance A Drosihn <drosih@rpi.edu>
To:        Bill Fumerola <billf@chimesnet.com>, cjclark@alum.mit.edu
Cc:        freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG
Subject:   Re: wats so special about freeBSD?
Message-ID:  <v04210101b5ee4af3aa49@[128.113.24.47]>
In-Reply-To: <20000920011859.V66839@jade.chc-chimes.com>
References:  <89731E9AF92BD411869200D0B71BB4DC0FC297@ASERVER> <200009191942.e8JJgMc03338@gits.dyndns.org> <20000920001652.U66839@jade.chc-chimes.com> <39C83CC6.9BCD1F32@confusion.net> <20000919221242.O367@149.211.6.64.reflexcom.com> <20000920011859.V66839@jade.chc-chimes.com>

next in thread | previous in thread | raw e-mail | index | archive | help
At 1:18 AM -0400 9/20/00, Bill Fumerola wrote:
>On Tue, Sep 19, 2000 at 10:12:42PM -0700, Crist J . Clark wrote:
>
> > I use FreeBSD and it cannot be said FreeBSD is not one of the
> > more secure OSes out there (with the standard caveat, "when
> > properly configured"), but I think OpenBSD has every right to
> > make the claims they do.
>
>I never questioned the right to make the claims (they've earned
>it), but I just wondered if people just read what everyone else
>says about each BSD and accepts as the gospel truth or actually
>uses this old crusty tool called research.

Based on my quick overview of both, OpenBSD does seem better for
some things, and I'd loosely define those things as "security".
FreeBSD has only been serious about security audits for a short
time, and for part of that auditing, the first step is usually
"Let's see what OpenBSD has done in this component".  That
happens much more than "Let's see what Microsoft has done in
this area for security", or "Let's see what Linux has done
for security".   If WE are using OpenBSD as a reference for
code-auditing, it seems silly to get our backs up in the air
when someone else references OpenBSD as "most secure".

Furthermore, OpenBSD does decide to "button down" it's default
configuration more than FreeBSD does.  That is it's choice,
and for some people that choice is reassuring.  One of the guys
on the staff here wanted to use "some decent unix" for doing
DHCP & DNS, and for his purposes OpenBSD's "button down" attitude
was and is reassuring.  He is not a die-hard unix wizard, and he
does not want these machines broken into because "he forgot" to
disable some stupid service he does not need, but did not realize
he does not need.  If it was not for his confidence in OpenBSD on
that issue, we might still be running WinNT for DHCP, and trying
to figure out how to use WinNT for DNS too (shudder).

While I have no concerns about FreeBSD's security, I do think
there will always be a place for OpenBSD's focus.  I think it
does all of us BSD's good to have someone in our group who
is "competing" on security issues, and thus keeping all of us
focused on that.  Without that, we will focus on Microsoft,
and that path will be an endless stream of adding features
without any concern for security issues.


---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04210101b5ee4af3aa49>