On Wed, Nov 19, 2008 at 10:34 PM, Jose de Paula Eufrasio Junior <[EMAIL PROTECTED]> wrote: > Hello, before anything else, I did read all material about the OpenBSD > security policies on the website. Now I am trying to get some more > insider insight on it. > Writing a paper about open source software security and not including > OpenBSD case is kinda idiot so I am running against time to find more > info.
I don't believe you'll adequately "summarize" or even fully understand, what makes OpenBSD succeed where it has, with a 5 question survey.. particularly the questions you've asked. spending time in the community sure will expose these characteristics though. in my opinion, the problem is that you are rating the success of these projects based on meaningless points. for example: "4) How the OpenBSD and OpenSSH projects deal with security problems and vulnerabilities found on the wild? Are the OpenBSD and OpenSSH discovered vulnerabilities full disclosed or are they worked under a blanket until fixed? Security fixes are rapidly developed and integrated on the current released version or only for a next release?" from my humble perspective, these sorts of things are *NOT* what make for success, this is the corporate mentality. it's the philosophies (or difference from others) that have brought success. either way, understanding the philosophical differences we (the developers, the project as a whole, and the community of users) have from other projects might lend you your best guest. if I were to make a suggestion, (aside from getting what you can out of the official website) combing through the misc@ archives for cases where both openbsd developers and users have spoken up, capturing the essence of what sets openbsd apart. I could give you a list of such threads that come to mind, but I think you should seek these out yourself, this is a research paper right? best of luck, ~Jason
