On Thu, Jan 10, 2008 at 11:56:15AM +0100, Joerg Zinke wrote:
>On Wed, 9 Jan 2008 23:03:29 +0200
>Nikns Siankin <[EMAIL PROTECTED]> wrote:
>
>> Facts about OpenBSD:
>>
>> # Stable release cycle.
>> If you want to run latest bugfree ClamAV or FireFox - upgrade to
>> CURRENT! But don't forget to buy release CD's!!!
>
>if you do not like to use CURRENT, send a patch which backports
>these versions to stable.
>you are listed as maintainer for some ports, means you should
>know how things work.

Take a look at ports@ and see how many submitted -stable patches are committed.
None!?

>> # Secure By Default.
>> OpenBSD uses broken WEP for securing WiFi networks.
>> Has no WPA/WPA2 support.
>
>wpa is not much better than wep. useful alternative: ipsec, another
>alternative: secure your wlan with pf/authpf.

WPA and IPSEC secure your wlan in different layers.
WPA *is* much better than wep.

>
>> # Do not let serious problems sit unsolved.
>> OpenBSD doesn't need MAC because it has their own security flawed
>> systrace.
>
>i do not get the point. seriously, have you ever used systrace?

Sure I do, but it's flawed now anyway. OpenBSD needs MAC.

>
>> # Use of Cryptography.
>> OpenBSD uses file-backed encryption (svnd) which is very suited
>> for Full-disk-encryption. NOT.
>
>wrong. i use it on a whole raid 1 disk for example, no problems here.

Me too. I'm talking about full-disk-encryption, which doesn't seem to be
an easy hack.

>
>$ df -h
>Filesystem Size Used Avail Capacity Mounted on
>[...]
>/dev/svnd0c 411G 249G 141G 64% /media
>
>> # Full Disclosure.
>> OpenBSD at first denies remote exploitable flaws.
>> DoS flaws gets marked as reliability not security issues.
>
>what's the problem?

Denial of Service stands for AVAILABILITY.
Information security goals are confidentiality, integrity AND availability.

>
>> # Easy maintainable.
>> OpenBSD distributes source patches to make your farm of
>> Pentium2 firewalls updated easily.
>
>if you own such a cluster (i doubt that) you would compile the patch
>only once and then distribute the binaries.
>
>> # Secure Distribution.
>> The most secure operating system gets distributed on FTP servers
>> as unsigned binaries.
>
>buy the cd or use cvs+ssh if you do not like unsigned ftp binaries.

That CD gets sent by traditional mail + not all packages are on CD.
Compiling everything from sources doesn't look like a solution for the masses.

>
>> Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
>> Shit on my head - shit on all OpenBSD supporters.
>
>why did you start such a flame-mail? it makes you look like a
>whiner.
>if you do not like openbsd, use something else.

Wrong. I like OpenBSD. But these are things I consider for the most
secure os to be fixed. I get a lot of responses offlist. It seems that
people are afraid to discuss these issues onlist, guess because of
this "YOU'RE WHINER" or "DON'T LIKE DON'T USE" attitude.

>
>regards,
>
>joerg

