Hi,

On Wed, Sep 12, 2018 at 08:08:39PM +0200, Laslo Hunhold wrote:
> that's your choice as the maintainer and I am not a fanboy. OpenBSD is
> objectively more secure and it's mainly due to their approach. Credit
> where credit is due.
You should read those [1] and [2]. OpenBSD *IS NOT* objectively more secure. It only had fewer security defects because it has fewer people inspecting the code. For so many years OpenBSD was running with very important vulnerabilities that weren't noticed by anyone.

> > If you don't understand any of my reasons, then you should stop
> > posting here and begin to post to OpenBSD, I am pretty sure that Theo
> > will be more friendly than we are (irony mode off).
>
> Your reasons are simple to understand. The main argument is to
> ask: "When we add OpenBSD-specific code, why not Linux-specific code as
> well?".

No, my point is about having suckless code, and having that ifdef there makes the code suckmore. Offline I suggested other solutions, as Dimitris and Hiltjo can confirm, like for example having the patches in the repo and a rule in the Makefile to patch the sources, or like creating local versions of the interfaces (ex: mypledge) and having the ifdef there, or having a file per system with the specific code of the system. All these options were discarded because at the end we are missing the point of suckless: good code and simplicity as first objective.

> In an ideal world we would have portable interfaces for this, but there
> aren't. Surely ii runs without unveil() just fine, however, you have
> bigger problems when you need a good source of entropy that is secure
> to "tap".

No. This is like when we complain about the Linux users putting #!/bin/bash or using GNU extensions in Makefiles. Core OpenBSD developers are totally different, but OpenBSD is creating a full culture of people around it that only has a centralized view of the world. They don't contrast the point and they don't generate a critical attitude: everything that comes from OpenBSD is right, and OpenBSD is the most secure system, which is obviously false (there are other systems that are more secure and more reliable, but maybe less usable, than OpenBSD).
This is why I called you a fanboy, because you don't have that critical spirit and you don't try to think by yourself, you only repeat dogmas that someone else created.

Roberto.

[1] https://www.openbsd.org/papers/fuzz-slides.pdf
[2] https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
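The "local versions of the interfaces" alternative Roberto mentions (a mypledge wrapper that keeps the ifdef out of the caller), shown as an added C example that is not code from the ii project or from anyone in this thread. The names sandbox_is_enforced, myunveil and restrict_client and the promise string are assumptions made here; on a system without pledge/unveil the wrappers are no-ops and the caller is told so rather than silently believing it is confined.

```c
#include <stdio.h>
#ifdef __OpenBSD__
#include <unistd.h> /* pledge(2), unveil(2) */
#endif
/* Set once a real restriction was applied; stays 0 where the kernel has
 * no pledge/unveil, so the program reports that instead of pretending. */
static int sandbox_enforced = 0;

int sandbox_is_enforced(void) { return sandbox_enforced; }

/* Local version of pledge(2): real call on OpenBSD, no-op elsewhere. */
int mypledge(const char *promises, const char *execpromises)
{
#ifdef __OpenBSD__
	if (pledge(promises, execpromises) == -1)
		return -1;
	sandbox_enforced = 1;
	return 0;
#else
	(void)promises; (void)execpromises;
	return 0;
#endif
}

/* Local version of unveil(2); unveil(NULL, NULL) locks the path list. */
int myunveil(const char *path, const char *permissions)
{
#ifdef __OpenBSD__
	return unveil(path, permissions);
#else
	(void)path; (void)permissions;
	return 0;
#endif
}

/* Hypothetical caller: confines an ii-like client to its IRC directory
 * with a promise set assumed here. Returns 0 when the kernel enforced
 * the sandbox, 1 when it ran unconfined, -1 on error. No #ifdef here. */
int restrict_client(const char *ircdir)
{
	if (myunveil(ircdir, "rwc") == -1 || myunveil(NULL, NULL) == -1)
		return -1;
	if (mypledge("stdio rpath wpath cpath inet dns", NULL) == -1)
		return -1;
	if (!sandbox_is_enforced()) {
		fprintf(stderr, "warning: running without pledge/unveil\n");
		return 1;
	}
	return 0;
}
```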