On 3 April 2014 22:04, Martin Braun <yellowgoldm...@gmail.com> wrote: > As we all know on the front page of OpenBSD it says "Only two remote holes > in the default install, in a heck of a long time". > > I don't understand why this is "such a big deal". > > A part from the base system in xBSD, OpenBSD - so far - also contains a > chrooted web server, that can't be used for much else than serving static > content, and then the X system, which also can't be used for anything > before installing some third party application. > > All in all the default install is pretty useless in itself and I am going > to quote "Absolute OpenBSD" by Michael Lucas: > > «You're installed OpenBSD and rebooted into a bare-bones system. Of > course, a minimal Unix-like system is actually pretty boring. While it > makes a powerful foundation, it doesn't actually do much of anything.» > > So we need those third party applications to start the party, yet none of > these applications receives the same code audit, security development and > quality control as OpenBSD does. > > As soon as we install a single third party application our entire operating > system is, in theory at least, compromised as these third party > applications gets installed as root. > > Maybe I am just plain stupid, but could someone explain to me the point in > "bragging" about only two remote holes in the default install, when the > default install is useless before you add some content to the system, > unless you're running a web server serving static content only.
Firewalls? BGP Routers? Email servers? Relayd load balancers? All base-only external facing devices that might be nice to not have exploits in by default. .... Ken > > Best regards. > > Martin
