On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote:
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
You must be more qualified with regards to the actual code than I am
because I flat out don't believe this at all.
Believe what? OBSD is secure? I thought you were proud of the
project? Sheesh! If our leader doesn't believe OBSD is secure, we
ALL better be running for cover. Linux, anyone?
So you judge the security of the operating system by how many
(possibly brash) risks its developers are willing to take with it?
That's counter-intuitive. If I'm looking for security, I'd rather
get my software from a developer who isn't satisfied because (s)he is
more likely to work harder to improve it and be much more careful
while doing it. If confidence is all that matters, then heck, lets
get rid of all the privilege separation and other risk-minimizing
techniques because you don't need them when your code is flawless right?
