On Thu 28 Mar 2024 at 12:36:56 (+0100), Emanuel Berg wrote:
> Michael Kjörling wrote:
>
> >> "Secure by default" is an OpenBSD slogan BTW. Or they have
> >> made it into one at least. But I'm not sure it is any more
> >> secure than Debian - maybe.
> >>
> >> https://www.openbsd.org/security.html
> >
> > If I'm not mistaken, OpenBSD is "secure by default" by being
> > "extremely minimalistic by default".
> >
> > Last I looked, which in fairness was a while ago, a default
> > installation of OpenBSD includes almost nothing that normal,
> > present-day users would expect to find on their system. [...]
>
> Ah, surely it can't refer to that as that would be completely
> ridiculous as it would imply "wanna install stuff? sure, but
> then it isn't secure anymore".

It's not clear what "isn't secure anymore" means. But anyway,

  “"Secure by Default"

  “To ensure that novice users of OpenBSD do not need to become
  security experts overnight (a viewpoint which other vendors seem
  to have), we ship the operating system in a Secure by Default
  mode. All non-essential services are disabled. As the
  user/administrator becomes more familiar with the system, he will
  discover that he has to enable daemons and other parts of the
  system. During the process of learning how to enable a new
  service, the novice is more likely to learn of security
  considerations.”

from https://www.openbsd.org/security.html

OTOH:

  “There are many applications one might want to use on an OpenBSD
  system. To make this software easier to install and manage, it is
  ported to OpenBSD and packaged. The aim of the package system is
  to keep track of which software gets installed, so that it may be
  easily updated or removed. In minutes, a large number of packages
  can be fetched and installed, with everything put in the right
  place.

  “The ports collection does not go through the same thorough
  security audit that is performed on the OpenBSD base system.
  Although we strive to keep the quality of the packages high, we
  just do not have enough resources to ensure the same level of
  robustness and security.”

from https://www.openbsd.org/faq/faq15.html (Package Management).

Cheers,
David.