On Jan 5, 2008, at 11:22 PM, Karthik Kumar wrote:
Secure by default. Ship with nothing and call it secure. Wow! Maybe it shouldn't start the network by default, huh? Then that's secure, isn't it? Start no daemons, start no shells: ZOMG!!! it's secure :P
Oddly, I find this more sensible than "start with everything wide open and on, because a user doesn't know what he might need."
OpenBSD got pwned a year ago with another remote hole. I hope they find enough so they can stop bragging about 'Secure by default'. Do you realize that many people just cannot live with 'default'? Look: people do "use" OpenBSD for things other than plain old fvwm with xterm. And keeping security as a goal is not just for a stupid dubious marketing campaign.
Default works pretty well for me:

[EMAIL PROTECTED]'s password:
Last login: Sat Jan 5 15:29:22 2008 from 10.10.13.22
OpenBSD 4.1-current (GENERIC) #328: Wed Jul 11 20:22:58 MDT 2007

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

$ pkg_info -ac
Information for inst:lzo-1.08p1
Comment: portable speedy lossless data compression library

Information for inst:openvpn-2.0.6p0
Comment: easy-to-use, robust, and highly configurable VPN

Information for inst:pftop-0.6
Comment: curses-based real time state and rule display for pf

$