On Tue, Mar 15, 2022 at 01:08:38AM +0100, i...@tutanota.com wrote: >Do you believe that OpenBSD has less attack vectors? I fail to see >that. If I install a basic Debian, just as an example, with only the >base system, there is nothing running to attack. If I install NGINX on >OpenBSD and on Debian, about equal attack vectors exist.
You probably meant to write "if I install NGINX on OpenBSD and on Debian, about equal attack vectors exist in NGINX". >In this case I would perhaps prefer to use NGINX over httpd for the >exact reason mentioned, it is much more battle tested. Fantastic. Congratulations! Now put it in a chroot on OpenBSD and, assuming the Nginx team has actually created a legitimate port using the security features available in OpenBSD, you have threat mitigations at the operating system level that likely are not available in Debian.
