On Thu, 13 Sep 2018 09:39:44 +0100 "Roberto E. Vargas Caballero" <[email protected]> wrote:
Dear Roberto, > You shpuld read those [1] and [2]. OpenBSD *IS NOT* objectively > more secure. It only had less security defects because it has less > people inspecting the code. For so many years OpenBSD was running > with very important vulnerabilities that weren't noticied by anyone. this is probably the other extreme view to see it. If we only take a look at e.g. LibreSSL vs. OpenSSL and how the project fared in the last few years, it's obvious their defensive approach to programming paid off massively. Also keep in mind that they have diminishingly less manpower than the Linux ecosystem. If you take that in regard, the perspective shifts. In absolute terms the vulnerabilities you pointed to are/were a big issue, and there will be more of these things in the future. I'm not saying OpenBSD is without defects. Only a stupid person would say that. It has a lot of legacy cruft as well. We are not in an ideal world, but I don't need to repeat that point. > No. This is how when we complaint about the linux users putting > #/bin/bash or using GNU extensions in Makefiles. Core OpenBSD > developers are totally differtent, but OpenBSD is creating a full > culture of people around that only has a centralized view of the > world. They don't contrast the point and they don't generate a > critical actitude, everything that comes from OpenBSD is right, > and OpenBSD is the more secure system, which is obviously false > (there are other systems that are more secure and more reliable, > but maybe less usable, than OpenBSD). Yes, OpenBSD fanboyism is real and it exists. You are false though to get the impression that I am such a fanboy, as elaborated above. :P With best regards Laslo -- Laslo Hunhold <[email protected]>
