-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I don't want to spam this list with OS discussion, but I think yours is an important point, so I'll give my perspective briefly.
This is one of the main aspects of OpenBSD that make it better suited for firewalls etc. than for desktops. One of the main tenets of OpenBSD is "secure by default". There have only been two remote holes in the default install in the last seventeen or so years, so there generally isn't a serious need for base updates. Keeping up with the occasional patches is a good idea, which is done manually by default. This generally takes a file download and about three copied-and-pasted commands. The announce mailing list lets you know about these, and there are scripts to apply them automatically. If you're running a Tor relay,, Tor might be the only thing you install. I also have Vim, SSHGuard, and possibly a library or two for Arm, but that's it. Hopefully, all relay operators keep up with the Tor community enough to stay on a supported version, if not the newest one. The updates are rare enough that I haven't found manual compilation an issue. My OpenBSD node is currently on 0.2.5.10. If compilation is considered tedious, though, I or someone like me could start more aggressively maintaining the Tor port. I was actually considering this recently, although I have no prior experience with port development. There are almost 9,000 ports, and they're only updated as quickly as they're developed. Libertas On 11/05/2014 12:07 PM, Zack Weinberg wrote: > On Wed, Nov 5, 2014 at 11:20 AM, Niklas Kielblock > <nik...@spiderschwe.in> wrote: >> Is there much of a difference between setting up Tor on OpenBSD >> vs. Linux or other Unix(like) systems? >> >> Or is this just about setting up OpenBSD in general, or >> additional security for relays (disk encryption, memory >> protection) whose use isn't common on most general servers? > > Well, the thing *I* don't feel I have the least idea even where to > begin with, with *BSD in general, is reliable automatic > installation of security updates for both the base system and the > ports. I can figure everything else out once and write it into > /etc and be done with it. But if I have to manually monitor for > bug fixes in all the installed software, and manually update local > source code copies and recompile every time, well, that's three > chores that computers are better at than I am. > > (Actually, the ports system has blown up in my face often enough > that I'm convinced it has fundamental design flaws -- and this was > in the much less demanding environment of a development VM. I > would be much more comfortable with a BSD that accepted the maxim > that there can be only one package manager and nothing may escape > its gaze.) > > zw _______________________________________________ tor-relays > mailing list tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUWoTTAAoJELxHvGCsI27NyaYP/iLcKMLJ2rPInFSNYB8PFVcg jEqZOwZgDSeIC7RQ2o7MOmcc3oOm1wQK7qCZZzDgfg+rr1tWn4JuRGy0L+gLBDNW MXx8PrVaZpBaHMnwBuHRd5jgKPr8/N0e6OcX+rsMS7I/qHa7qPbBV3lNBJkkHiG+ 4XQreatlwfg5sBLqQLL9aZKwZnf/aewfT+tpLmlHAMrwEMlXxea4W30co9DM09Jq twEfpuyHpD6BCrr18R/jTBgCjvmV7npCIOvYXbvuGcyPMcITbLWIKJBqYJSTl68+ NsheFznfQJMYMeXrO3BprcK+ioMtKe71prTU2SSql+JSjUzSz+cwGJzj0keXmV8t pZeP+IE2UKS93vzbU6B7yFwuvNERrwxRiXVMQtYke98tYbuLh1UkMNjWA3atT3W6 2GRrbriZp3LpGyZH25xhNE0IWmJtT5BoMlYLxZNCQRGzDBoRgoPk5a8fU4TWO0Z/ 01fAeVfe9Ro35vhbXk5rrkxd9LPdQrGk2vqxeZgAuS2yI5067Jg6PoTB1knQ571D 2C+aESq3dl/SkNJNTQkSP1JWNTbKKVjQ3sd2tdhY8iFJIRfximOjsWI7mcChyN81 wpWUj3MsPIHpYAQZComs3vV5s2vjypre/W/PmX2I00tHiit9ck/LuR9Jq0zlqc1z atTaElYDVYN5EoRlhfkX =BrW2 -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays