Greetings,
On 07/04/2008, at 10:13 PM, Unix Fan wrote:
> I back ported Firefox 2.0.0.12 to OpenBSD 4.2+patches, I can't
> believe the OpenBSD team is letting people use the insecure 2.0.0.6
> version, "We believe in security" my ass.
>
> OpenBSD 4.3 will have 2.0.0.12, unfortunately 2.0.0.13 is out, and
> that fixes yet another security problem... so, manual back porting
> is the only option, I don't know why they give the people using
> -CURRENT the secured ports, more people use -RELEASE or -STABLE, so
> they should be providing resources for "OUR" security, not the
> extremists living on -CURRENT.. compiling their entire system from
> scratch every other hour/day/week.
>
> (Who the hell could live like that? f**king insanity!).
[snip]
This is purely a personal opinion, but if you are using tools that
aren't part of the OpenBSD base system (e.g. Firefox) and you're
using them in a high-risk environment (e.g. connecting to untrusted
sites) and you're paranoid (like me) then you really do need to live
on -current.

There is an array of tools - particularly for servers - included in
base that are updated via source patches as soon as vulnerabilities
come to light.

Some tools I use that aren't in base (e.g. curl, dovecot) I only use
for relatively low-risk tasks (e.g. downloading OpenBSD patches, my
internal IMAP server) so I don't have a problem with them not being
updated at the first announcement of a new vulnerability. But if I
was using Firefox on OpenBSD I would stay on -current for the reasons
you have outlined. If you're not prepared to do this (and it is a
hassle - particularly if you tried to do it on dial-up like me! Yes,
I gave up) then don't use OpenBSD for your web browsing machine.

As I say, this is a personal opinion and not intended to flame.

Cheers,
Damon