Thilo Pfennig wrote: > Hi, > > I am using OpenBSD on a desktop system for about a year now and have > some open questions about the project goals. I have read > http://www.openbsd.org/goals.html , but I think it does not answer some > questions. > > One question is what the ideal status of OpenBSD would be.
better: more secure, more capable. > Right now > there are core applications (which include also Sendmail and Apache) and > the ports. Would it be a goal for OpenBSD to provide most functionality > as part of core? Of course. Look at the release pages, for example: http://www.openbsd.org/43.html > I mean its clear that the ports and packages are not > audited as the applications in core are. But generally there is no > argument for why one application should get more auditing than another, > except when you say that you want to provide only one of a kind. oh, by "more functionality" you mean more third-party apps. I'd argue that is NOT functionality of the OS, but, well, more third- party applications. Put yourself in the developer's position: You wish to add a third-party app to OpenBSD. Now, the number of really good, carefully crafted, security-absolutely-first apps out there is pretty close to zero. So, you need to patch and revise your target application to bring it to OpenBSD standards. You pass the changes back up stream, and they do what you expect: they ignore them...after all, they want to have complete compatibility with all other (i.e., "Linux") OSs, they are busy adding new features, or just don't like you (keep in mind, your patches just said, "your code sucks", even if delivered in the most polite manner possible). SO, now you pretty much have to maintain a fork of the app, merging in new functionality, and then re-cleaning the code. Yuck. Oh, btw: you get to make sure it works on around seventeen platforms. So in short: no, you will probably not be seeing OpenOffice as part of base. You will probably see more internally-developed features, like OpenNTPD, OpenBGPD, etc., and probably better support for adding third-party apps...but not huge quantities of new third-party "productivity" apps. > Maybe this question is not OpenBSD specific but merely a question of > what a goal of an operating system should be. The goals on the project > homepage focus more on what is different on OpenBSD. My understanding is > that OpenBSD (most BSDs and Unices and also Plan9) strive to provide all > basic functionalities as part of the core distribution. for varying definitions of "all basic functionality". I'm STUNNED by the things that various other OSs consider "basic" and "extra". Still love Solaris installing OpenOffice, and not a compiler as part of a basic install (for sarcastic definitions of "love"). > And on Linux the > mentality is rather that the operating system is rather a collection of > different parts - and that each part is an individual package - so there > is generally no sense of a "core" besides the Linux kernel and maybe the > base-files package. > > Another interesting and realted question is what should be provided by > default. OpenBSD got some criticism that it has not enabled many > services by default and does not take into account non-default installs > of some random packages or ports when it comes to security leaks. But > OTOH OpenBSD provides Apache and Xorg/Xenocara as core file sets, which > I think no other operating system does? As far as I looked other BSDs > provide Apache and Xorg as ports rather? So one could also say that > OpenBSD is actually providing not less but more. right. so why worry yourself with the ramblings of "some"? There are idiots everywhere. Work hard enough, you can find people who will praise you, and people who will condemn you, and if no one is condemning you, you probably aren't doing anything. The OpenBSD goal is not to appease every critic...or even any of them. Remember what your parents told you about "do your best, don't worry about what other people say"? I've seen very, very few projects where this is followed more absolutely. > Most Linuxes will > install and Xorg plus a desktop like KDE or GNOME by default - but then > all those are just distribution-provided packages which are not audited > well on most Linuxes. and sometimes, they even work! >From what I've seen, Linux is not something I really wish to be compared to. The Linux people sometimes seem to spend time looking at Windows, and set their goal of "doing better than Windows". The OpenBSD goal seems to be to do better than OpenBSD. :) > Right now I see the wholeheartedness on working on the operating system > as what makes up OpenBSD and differs it from other OSes. I think > although security is a focus this is really more a benefit of the > development process. I mean security does not come from statements and > also not from having it as a goal. I would say that the Debian guys wont > say that security was unimportant to them, nor would any OS state that. > The difference lies in how people act - and maybe also how much progress > is seen of just providing the latest and greatest. It has been said that security is not the goal, but that security is the logical result of quality. If you design for quality, security just happens. And yes, it is your actions that count, not your words. There are a number of buggy bits of software out there that chant the right words, but clearly don't live by them...or those that show a lack of actual quality which causes me to doubt their real security. Nick.
