> The thing about OpenBSD's base install, is that it's really everything
> you /need/,

That is arguable, and I'm not qualified to do it, but some
feel that the 'days since hacked' claim is because so
little is turned on by default.

> Debian's base install.  If you install the same services on a Debian
> system that come with OpenBSD's base system, the Debian machine will be
> nowhere near as secure.

How so?  I disagree.  The Debian system can be (but, agreed,
is not by default) set to update into whatever fixes are
found for those services.

> While those services are in OBSD's base system,
> they are not enabled by default.

Exactly, and since they are not, they are not counted as
part of the security issues.  Leading to the inflated 'days
since hacked' claims.

> Saying Debian is as secure by default as OpenBSD is a little like saying
> Windows98 is more secure by default than Debian.

No... that's not fair.  I think everyone agrees OpenBSD
makes security its #1 focus.  At Debian, it is one of many
focuses.

Debian by default is fairly secure.  Compare this to a
default install of Redhat.  It will take only a matter of
weeks before someone pops it with a hack.  This is a known
fact, due to the poor defaults installed.

> To nit pick, it is then no longer the original install. 

And neither is turning on all of the needed stuff on an
OpenBSD box.

> It's true, OpenBSD does not have a binary update scheme.  However,
> source patches come much faster than binary patches, I believe I posted
> a message about this some time ago in regards to a sudo glitch.  I got
> a source patch in my mailbox approx 5hrs after the bug was posted on
> Bugtraq.  I ran apt-get twice a day, every day for 4 or 5 days before
> I got an updated sudo .deb.

Agreed.  But someone is _paying_ Theo.  The sudo maintainer
probably isn't being paid.

Apples and Oranges.  Is OpenBSD _more_ secure overall?  Yes.
Is it more full featured and as easy to use?  No.  In the
end, is there much difference?  No.

> Debian's claim to fame is apt/dpkg
> OpenBSD's claim to fame is OpenSSH
> Which matters more to YOU?

No, Debian's claim is NOT apt or dpkg.  Sorry.  It's the
volunteer run, free software commitment.  The apt stuff is
merely gravy.  An RPM based Debian would still be a better
distro than most others.

OpenBSD's claim is not OpenSSH, it's the focus on Security.
SSH is just part of that.

As much as I admire Theo and his crew, and see the value in
doing what they do, I continue to run Debian.  I'm not
ready or willing to switch to BSD for many reasons, some of
which are political/philosophical, some of which are more
concrete, like drivers and development cycle speed.

Seth


