On Thu, 28 Nov 2007, Unix Fan wrote:
> a secure OS is nothing without secure software...

I wouldn't say nothing! It is definitely a good thing that the base
system is secure. (For example, it's usually possible to use only the
base system when doing system maintenance, which limits the risk of unauthorized root access due to unsecure ports and packages.)

And if you need really secure and robust applications as well, be sure to
note the important disclaimer at http://www.openbsd.org/faq/faq15.html#Intro:

  "The packages and ports collection does NOT go through the same thorough
   security audit that is performed on the OpenBSD base system. Although
   we strive to keep the quality of the packages collection high, we just do
   not have enough human resources to ensure the same level of robustness
   and security."

That is, just improving tracking and distribution of the latest upstream updates may not fulfill your needs completely...

/Johan Zandin
