[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenBSD/Errata/BUGTraq et al.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBSD/Errata/BUGTraq et al.
- From: "STeve Andre'" <andres_(_at_)_msu_(_dot_)_edu>
- Date: Tue, 17 Oct 2000 10:56:33 -0400
I can readily understand your frustration, Amanda. You have the added
problem of a huge physical area where your machines are, which I don't
think most do, hence your worse problems with upgrades.
You'd like poll data? Given the resources of the development team, I would
rather they concentrate on the things which make the system secure,
even if it means more problems in other areas.
I think most of use would up using OpenBSD precisely because of it's
security aspects, and however nice remote upgrades would be, I see
things like that as less essential to the mission as security.
Debian can do remote upgrades but still resembles Swiss cheese in
many respects. OpenBSD isn't Swiss cheese at all, but perhaps lacks
bells & whistles of other op systems.
I hadn't quite looked at it this way before, but operating systems are
rather like most wild animals: they have been selected by evolution for
certain traits at the expense of others.
I like the traits that OpenBSD has selected for.
At 04:33 PM 10/17/00 +0200, amanda_(_at_)_wineasy_(_dot_)_se wrote:
Yeah, well, some users got offended by the lifeform comment too.
I can't even *get* to some of my servers in one hour. Sometimes I'm on the
other side of the planet when a security issue comes up.
Perhaps we could take a poll. How many users want stuff like IPv6 and VLAN
in their kernel, and how many want to do remote upgrades?
Look at Debian. You can upgrade to a new version without even a reboot!
Alas the PC architecture is not really designed for remote users. When
will there be a cheap PCI card with onboard ethernet, sshd and an emulated
serial port for remote console access? (cf. HP-UX LAN Console)
On Tue, 17 Oct 2000, Aaron Campbell wrote:
> On Tue, 17 Oct 2000 amanda_(_at_)_wineasy_(_dot_)_se wrote:
> > I think that the reason 6-month old systems are unsupported is because
> > OpenBSD is simply not intended for "low lifeform" users. It's just a toy
> > for the developers to brag about.
> Frankly, as one of these developers, this offends me. Look, given the
> limited manpower OpenBSD has in comparison to the other larger projects, I
> think we do a pretty damn good job.
> We are still #1 in security between our matured IPsec codebase, our
> unparalelled source tree audits, OpenSSH, our Secure By Default stance,
> and now our cryptography accelerator support (not to mention the more
> esoteric things like being able to encrypt your swap partitions, or that
> by playing your mp3s you're adding entropy to the random pool). We are #2
> with respect to supported platforms. Our man pages are UNMATCHED, and we
> will continue to improve our documentation in coming releases. Hardware
> support? We cover about 95% of the current 10/100 NIC market, 3 out of 5
> Gigabit chipsets, half of the hardware RAID out there, most SCSI, USB, and
> our laptop support is really starting to kick ass. Networking
> support? IPsec, bridging, vlan, 802.11, ipf/ipnat, and a TCP/IP stack
> that's impressive enough to be used in a new network appliance every other
> month. Yes, I think that's something to brag about.
> I volunteer over 500 hours every 6 months to help develop OpenBSD. You
> can't give up 1 to upgrade a server?
Visit your host, monkey.org