Subject: Re: OpenBSD
To: Perry E. Metzger <email@example.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 09/22/1998 10:43:25
>We are replacing our tar with pax. We've also done things like
>replacing portions of our r* tools to remove suid bits and such. I
>don't think we're taking a particularly different approach on such
so, two things:
(i) I think you're saying, that, (except exportable crypto),
OpenBSD in fact does not do particularly more about security
than NetBSD; they just do better marketing of the job they do.
Is that right?
(ii) why doesn't someone write up the security-related
changes made to NetBSD, like r* commands and fixes for
Bugtraq/CERT advisories, and put them on a Web page?
(iii) anyone done any objective tests -- say, systematically running
crashme or satan or some such, against all three *BSD systems
and compared the results? (yes I know it's not very good, but
I can't think of a better metric.)