What's your point?

Is OpenBSD perfect?  No.

Does it have flaws?  Yes.

Can it be broken?  Yes, and you've dug something out
from six years ago that may or may not prove that.  But the same can
be said of Linux, Windows, Mac OS, etc., etc.

Has every flaw/bug been discovered?  No.

Will there be more issues found?  Yes.

Does it tackle security pro-actively?  Yes.

Does it prefer security and openness and doing things correctly
over bells & whistles and best performance whatever the cost?  Yes -
security and correctness are priorities - but you could find that
out from http://www.openbsd.org/goals.html.  Does that mean that
it will be perfect?  No.

Are the developers/leaders perfect?  No.

Is OpenBSD the One True Secure High Performance Operating System
for every imaginable task?  No ... but then nor is anything else.

Is OpenBSD for you?  Only you can decide ... and even if it is, it
may not be the best tool for EVERY job.

HTH.

On 15/04/2008, at 10:28 PM, Jernej Makovsek wrote:
Reading the archive it seems to me that el8 was taken as a joke:

List:       openbsd-misc
Subject:    Re: main openbsd server compromised ?
From:       e <eliab () spack ! org>
Date:       2002-08-15 17:11:01

no, el8 is not a serious zine, it's a joke, i'm sure reading a little
more of the zine would have made that obvious

List:       openbsd-misc
Subject:    Re: main openbsd server compromised ?
From:       e <eliab () spack ! org>
Date:       2002-08-16 18:40:17

* dayioglu ([EMAIL PROTECTED]) wrote:
On Thu, 2002-08-15 at 20:11, e wrote:
no, el8 is not a serious zine, it's a joke, i'm sure reading a little
more of the zine would have made that obvious

Not to cause a flame-war but the disclosed mail traffic of K2 seems
very "normal". I did read the whole thing and to create so many
"joke mails" is, err, at least unusual.

Are you sure you read it all?

quite sure, el8 has been known to do this same type of thing before.


And that's that. But
on http://www.wired.com/culture/lifestyle/news/2002/08/54400 I read
that "OpenBSD co-founder Theo de Raadt, cited as a top el8 target,
angrily refused to discuss the compromise (link
http://www.openssh.com/txt/trojan.adv)  in late July of a file server
maintained by the open-source, Unix-based operating-system project. On
Aug. 1, a dangerous Trojan horse program was discovered amid the code
for OpenBSD, which is used by thousands of organizations and renowned
for its security.".

And:
"Christopher "Ambient Empire" Abad, a security expert with Qualys,
confirmed that excerpts of e-mails and other files stolen from his
directory on a server were published in el8's latest zine".

So it appears to me that what el8 posted wasn't a joke. Did I miss
something again?

With regards,
Jernej

On Tue, Apr 15, 2008 at 1:59 AM, Ted Unangst <[EMAIL PROTECTED]> wrote:
On 4/14/08, Jernej Makovsek <[EMAIL PROTECTED]> wrote:
Now with this post I don't want to start any wars. I know that nothing
is bullet proof and so on but as a wannabe OBSD user I'm "just"
interested in if this compromise was analysed and especially how the
code has changed from then, what did you do to make sure that this
does not repeat. And if it was a third party app, why wasn't it
configured within a jail? Ok, I learned that sysjail was announced on
May 22 2006, but surely you have chroot capability. And sysjail is
connected with systrace... Well again, don't want to start any flame,
just interested how your community responded and responds to issues
like that.

 Sure, I'll just sum up 6 years of pretty continuous development for
 you.  Unfortunately, it would take too long to read and I don't want
 to waste any of your time, so I'll just summarize it as "lots of
 changes".
