On Fri, 20 Nov 2009 15:31:47 +1100 Rod Whitworth wrote:
> On Thu, 19 Nov 2009 19:06:53 -0800, rhubbell wrote:
> 8>< snipped for brevity.
>
> >> You miss the point - the reason we toot that particular horn is that
> >> you don't have to worry about those sorts of things (well, apart from
> >
> >Definitely not missing the point. Maybe you missed mine. Not "worrying"
> >because you trust everything about OpenBSD and everyone that's worked on
> >it and every package you've installed and every piece of hardware you've
> >installed, etc., etc. It's naive to point elsewhere and say "see,
> >they're not secure". For example should I trust you and the other
> >"tooters" just because you insist OpenBSD's secure?
>
> No. That isn't the point really. It's very rare for OpenBSD to have
> exploits against it but I don't hear any of the developers saying that

How would you know though? Your argument has been compromised because
it's presuming the exploit's detectable.

> it is impregnable, just that it's as good as they can make it for their
> own peace of mind. They are continually re-reading the source and using
> various tools to do audits to help make the code correct. Correct code
> is a foundation of security.
> As you are new here, you may not yet know that OpenBSD doesn't give a
> stuff about "market share" and is developed by the devs for their own
> use and if someone else likes it, it's a case of "Here's the ftp server
> or you can buy a CD and if it suits your purpose, that's fine. If it
> doesn't then we won't cry when you leave."

I'm finding it amusing that when folks on the list ask a question
answered in the docs it's always RTFM. But when not asking for
documented info it comes flowing out. (^:

>
> That has suited me for about 8 years and it has guarded quite a few
> "crown jewels" for my clients in that time.

Guarded by which definition? Meaning as far as you know it was never
compromised?

>
> Oh, and I'm a retired IBM Linux instructor so I have a pretty good
> insight into the relative merits of this community vs that one.

Too vague for me.

>
> The point of most chuckling about others (distros, versions, dev teams)
> silly actions is that the OpenBSD community doesn't suffer the
> stupidity du jour. Recent sightings elsewhere are binary blobs,
> proprietary drivers and the really stupid Debian key messup.
>
> Just a bit of Schadenfreude really when you consider that their woe
> is self-inflicted.

Right so my point is that I still find it interesting that these threads
about "look at them" are just some hand-waving. "Look over there, look
how they are, hahaha." That to me is a red flag to be more vigilant and
to not look over there, but they seem to be trying to distract from
vigilance.