At 11:31 AM 5/25/2005 -0800, Damien Hull wrote:
[EMAIL PROTECTED] wrote:
o, secure by default means that you should only run OpenBSD as it comes
and do not touch anything on it. Or else, it won't be secure by default;
your warranty is voided and Theo will spank you.

"in the base install" is a very important phrase. Ports don't get
audited much, if at all.

Thanks for the info. My concern is that OpenBSD is "secure by default"
when you do a base install but when you start adding things like Postfix
etc... are you still secure?

Seems like you answered your own question - if you WANT 'secure by
default', you will use base install - what's there (Sendmail, BIND, etc.)
has a pretty great track record. If you want more, you're relying on the
additional 'risks' imposed by the ports and/or packages.

Our policy here is base only, if at all possible, and it has served us and
our clients well.

Lee