Re: OpenBSD/Errata/BUGTraq et al.

["STeve Andre'" <andres_(_at_)_msu_(_dot_)_edu>]

I can readily understand your frustration, Amanda.  You have the added
problem of a huge physical area where your machines are, which I don't
think most do, hence your worse problems with upgrades.

You'd like poll data?  Given the resources of the development team, I would
rather they concentrate on the things which make the system secure,
even if it means more problems in other areas.

I think most of use would up using OpenBSD precisely because of it's
security aspects, and however nice remote upgrades would be, I see
things like that as less essential to the mission as security.

Debian can do remote upgrades but still resembles Swiss cheese in
many respects.  OpenBSD isn't Swiss cheese at all, but perhaps lacks
bells & whistles of other op systems.

I hadn't quite looked at it this way before, but operating systems are
rather like most wild animals: they have been selected by evolution for
certain traits at the expense of others.

I like the traits that OpenBSD has selected for.

--STeve Andre'

At 04:33 PM 10/17/00 +0200, amanda_(_at_)_wineasy_(_dot_)_se wrote:
> Yeah, well, some users got offended by the lifeform comment too.
>
> I can't even *get* to some of my servers in one hour. Sometimes I'm on the
> other side of the planet when a security issue comes up.
>
> Perhaps we could take a poll. How many users want stuff like IPv6 and VLAN
> in their kernel, and how many want to do remote upgrades?
>
> Look at Debian. You can upgrade to a new version without even a reboot!
> Alas the PC architecture is not really designed for remote users. When
> will there be a cheap PCI card with onboard ethernet, sshd and an emulated
> serial port for remote console access? (cf. HP-UX LAN Console)
>
> Amanda.
>
> On Tue, 17 Oct 2000, Aaron Campbell wrote:
> > On Tue, 17 Oct 2000 amanda_(_at_)_wineasy_(_dot_)_se wrote:
> >
> > > I think that the reason 6-month old systems are unsupported is because
> > > OpenBSD is simply not intended for "low lifeform" users. It's just a toy
> > > for the developers to brag about.
> >
> > Frankly, as one of these developers, this offends me. Look, given the
> > limited manpower OpenBSD has in comparison to the other larger projects, I
> > think we do a pretty damn good job.
> >
> > We are still #1 in security between our matured IPsec codebase, our
> > unparalelled source tree audits, OpenSSH, our Secure By Default stance,
> > and now our cryptography accelerator support (not to mention the more
> > esoteric things like being able to encrypt your swap partitions, or that
> > by playing your mp3s you're adding entropy to the random pool). We are #2
> > with respect to supported platforms. Our man pages are UNMATCHED, and we
> > will continue to improve our documentation in coming releases. Hardware
> > support? We cover about 95% of the current 10/100 NIC market, 3 out of 5
> > Gigabit chipsets, half of the hardware RAID out there, most SCSI, USB, and
> > our laptop support is really starting to kick ass. Networking
> > support? IPsec, bridging, vlan, 802.11, ipf/ipnat, and a TCP/IP stack
> > that's impressive enough to be used in a new network appliance every other
> > month. Yes, I think that's something to brag about.
> >
> > I volunteer over 500 hours every 6 months to help develop OpenBSD. You
> > can't give up 1 to upgrade a server?