* Douglas A. Tutty <dtu...@vianet.ca> [2008-12-23 05:45]:
> On Tue, Dec 23, 2008 at 02:41:08AM +0100, Henning Brauer wrote:
> > * Jussi Peltola <pe...@pelzi.net> [2008-12-11 20:52]:
> > > On Thu, Dec 11, 2008 at 10:30:50AM -0800, Jeff_1981 wrote:
> > >
> > > That said, OpenBSD base services are extremely secure, compared to the
> > > competition, when properly configured and patched. Note that no security
> > > audits are done to software in the ports tree; you're on your own with
> > > 3rd party software.
> >
> > many things from ports are patched or otherwise modified for security
> > reasons, and many things are deliberately NOT in ports due to security
> > considerations. nonetheless there is truth in your above statement;
> > averaged things from ports are not on the same level as openbsd.
>
> Has anybody done any comparisons to see how things from ports
> (especially common things like firefox) compare to the competition's
> packages (rpms, debs, whatever)? I know that the ports don't get
> audited like base, but then I don't think anyone else's does either.
>
> In other words, if you need a box with multiple third-party apps, (let's
> say that none of them are server apps), (eg, firefox, a window manager or
> DTE, mutt, LaTeX, gv, a pdf reader), which box would be more secure
> (with the same admin): OpenBSD with ports or a Linux (e.g. Debian)?

easy - OpenBSD. Linux doesn't have propolice, randomized malloc/mmap,
randomized library addresses etc yadda yadda yadda.
crappy applications are still crappy applications on OpenBSD, but
worse on pretty much any other OS.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam