On Tue, Dec 23, 2008 at 02:41:08AM +0100, Henning Brauer wrote: > * Jussi Peltola <pe...@pelzi.net> [2008-12-11 20:52]: > > On Thu, Dec 11, 2008 at 10:30:50AM -0800, Jeff_1981 wrote: > > That said, OpenBSD base services are extremely secure, compared to the > > competition, when properly configured and patched. Note that no security > > audits are done to software in the ports tree; you're on your own with > > 3rd party software. > > many thing from ports are patched or otherwise modified for security > reasons, and many things are deliberately NOT in ports due to security > considerations. nontheless there is truth in your above statement; > averaged things from ports are not on the same level as openbsd.
Has anybody done any comparisons to see how things from ports (especially commone things like firefox) compare to the competition's packages (rpms, debs, whatever)? I know that the ports don't get audited like base, but then I don't think anyone else's does either. In other words, if you need a box with multiple third-party apps, (lets say that none of them are server apps), (eg, firefox, a window manager or DTE, mutt, LaTex, gv, a pdf reader), which box would be more secure (with the same admin): OpenBSD with ports or a Linux (e.g. Debian)? Doug.
