Responding here at the risk of continuing to feed the troll, but in the interest of setting the record straight (i.e. for the archives).
On 4 Oct 2014 at 13:53, Matti Karnaattu wrote:

> >Many a naïve person believe you can "add" security as an afterthought
> >but I'm not aware of this approach ever truly succeeding.
>
> I think that OpenBSD has done decent job. Decades ago that old unix
> code, originally did not quite exactly been EAL7.

1. OpenBSD is a great example of the difference that having security as a primary design and development objective makes, unlike most other OSes (including all flavors of linux) which do "added" security.

2. Open*BSD* as the name implies, had no "decades old" Unix code and by now has had much of the _original_ BSD code replaced as well.

3. A quick look at [0] demonstrates your utter ignorance of EAL or the issues involved in having formal certification of OpenBSD specifically. To wit:

   a) No operating system is certified to EAL7;

   b) Highest level certification achieved by any Unix-like OS is EAL4;

   c) Minimum reported timeframe to achieve EAL4 is 9 months (to as long as two years) at which point the released OBSD version is guaranteed to have changed, and the code being certified is about to or possibly already no longer supported;

   d) EAL certification requires a specific Target of Evaluation (e.g. it is well known that Windows NT achieved EAL4 but only without networking) whereas OpenBSD is a general purpose open-source OS that anyone is free to use and *modify* any way they please.

4. It's probably high time to let this utterly degenerated thread die..

[0] https://en.wikipedia.org/wiki/Evaluation_Assurance_Level

