Subject: Re: OpenBSD
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Dave McGuire <firstname.lastname@example.org>
Date: 09/22/1998 14:20:48
On Tue, 22 Sep 1998, Jonathan Stone wrote:
>(i) I think you're saying, that, (except exportable crypto),
> OpenBSD in fact does not do particularly more about security
> than NetBSD; they just do better marketing of the job they do.
> Is that right?
At this point I should probably point out a conversation that I had with a
friend and former coworker, a reasonably well-known network security expert, a
month or so ago. I caught up with him after having lost touch for a couple of
months, and he told me about the sparc10 he picked up recently...of course I
asked "so man, what are you running on it?" He said "Well you know I'm sick of
SunOS, and Solaris blows...so I'm running OpenBSD." I responded with "Hmm...why
OpenBSD instead of NetBSD?"
His response was "It seems like pretty much the same OS, but OpenBSD is
much more security conscious, so I went with that."
Maybe a NetBSD security web page wouldn't be such a bad idea. We *are* doing
good work to deal with security issues. It's about time someone other than the
developers found out about it.