Re: 3.4 CDs

[Brett Lymn <blymn@baesystems.com.au>]

On Tue, Sep 16, 2003 at 01:42:38AM -0600, Tobias Weingartner wrote:
> 
> Great... first I hear of it.  Nice to know someone is doing work.
> What exactly is it?  I see a lot of M.O.O.T. things on that page,
> but not much else...  Not to knock it, just saying what I'm seeing.
>

It is a system that can be used to keep your private data safe from
laws that demand mandatory decryption or key access.  Peter first
proposed this to defend against the RIPA bill being introduced to the
UK parliment - the bill never came to pass but it seems to be rearing
it's ugly head again.  The system is a CD that can be booted in a
standard machine and can provide access to your data stored elsewhere
on the internet.  It contains countermeasures against snooping of
various sorts.  Lots more things that I cannot recall right now.
 
> 
> Ok... and?  I don't follow your logic.  I'm trying, but what does that
> have to do with his comments?
>

Just that you immediately leapt on someone who had a legitimate
interest in an upcoming OpenBSD release and called him a troll when
all he was doing was offering up his experiences of getting CD's
pressed.

> 
> And where exactly was I being rude?
>

Just the fact that someone commenting about CD releases and getting
things pressed was immediately a troll.
 
> 
> I'm trying, but I'm not going to do the searching and research for you.
> Please search the archives, and find out for yourself what sort of response
> has been given to the release schedules in the past.
>

Much the same as I have just seen I would suspect :)
 
> 
> 1) Security is not static.  Static security means you're dead.  New ways
> of attacking software systems are thought up and brought into the world
> on a daily basis.  A release every 6 months gives the people wanting to
> attack OpenBSD a moving target.  Almost everyone will agree that a moving
> target tends to be harder to hit.
>

The only problem is that if you push too aggressively on release then
you end up with people being pressured to produce - in this case you
can force errors or skimp on testing which can cause problems.  Lines
in the sand can be great but ship or be damned will cause a world of hurt.
 
> 2) Releases are predictable.  As much as a moving target is harder to hit,
> management is reasonable, given that the releases are predictable, and are
> of a quality that far surpases anything else I have ever seen.  I have
> production machines running -current.  Rarely do I have a problem with the
> upgrade process.  I have more (way more) machines running the latest
> release or -stable.  I have even less problems with those machines.  The
> fact that the releases are every 6 months lets me plan my upgrades to the
> machines I administer.
> 

Fine.  Mind you, some places find a 6 monthly update too aggressive.
Patching the problems in the older systems is more acceptable to some.

> 3) Planned obsolescence.  Yeah, it's a good thing.  I'm a lazy fuck, and
> if I did not have someone telling me that I need to upgrade, I'd have a
> machine running good old SunOS 4.0.1 still.  Why?  Because it works.
>

Heh - well there is nothing stopping you just sticking with one
version of OpenBSD by that argument.
 
> 4) Last but certainly not least.  Every release so far has had significant
> developments that made it different and better from the last one.  Some of
> them were large things (like pf), others smaller.  But they all warranted
> a release.  Contrary to many sceptics, OpenBSD is alive and moving forward.
> 

Improvements are valid reasons for updating, if it does something you
need/want.

-- 
Brett Lymn