As we all know on the front page of OpenBSD it says "Only two remote holes in the default install, in a heck of a long time".
I don't understand why this is "such a big deal". A part from the base system in xBSD, OpenBSD - so far - also contains a chrooted web server, that can't be used for much else than serving static content, and then the X system, which also can't be used for anything before installing some third party application. All in all the default install is pretty useless in itself and I am going to quote "Absolute OpenBSD" by Michael Lucas: «You're installed OpenBSD and rebooted into a bare-bones system. Of course, a minimal Unix-like system is actually pretty boring. While it makes a powerful foundation, it doesn't actually do much of anything.» So we need those third party applications to start the party, yet none of these applications receives the same code audit, security development and quality control as OpenBSD does. As soon as we install a single third party application our entire operating system is, in theory at least, compromised as these third party applications gets installed as root. Maybe I am just plain stupid, but could someone explain to me the point in "bragging" about only two remote holes in the default install, when the default install is useless before you add some content to the system, unless you're running a web server serving static content only. Best regards. Martin