Subject: Re: your mail
To: Jerry Alexandratos <darkstar@UDel.Edu>
From: Jim Wise <email@example.com>
Date: 10/18/1999 02:41:00
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 17 Oct 1999, Jerry Alexandratos wrote:
>Hi, I'm currently using another BSD (it's the one that touts itself as
>the Ultra-Secure one). Anyway, I'm looking to switch becuase I'm not
>quite happy with some of the attitudes around there.
>I've used NetBSD in the past, and it looks like it's come a long way
>since then, so I'm hoping it'll be the alternative I'm looking for.
Leaving aside the qualities of the NetBSD system itself, I've always
found the community around NetBSD a big part of the reason to use it.
I got into NetBSD from the MacBSD project (I was a lurker on the MacBSD
lists, and when MacBSD became part of NetBSD, I ended up following this
project too). In both the MacBSD and NetBSD projects, I never had
trouble getting answers to questions I've asked or help with problems I
was having, and I've never had people try to make me feel stupid for
asking. Sure we have our arguments and our flame wars now and again, but
that's mostly harmless, and doesn't seem to interfere with the
development of a really great system...
>I'm hoping that some kind soul could take a few minutes to answer the
>following questions and write back to me (I'm not on these lists
>1. Has NetBSD done a security code review at some point in recent
> history? Yes, I know that they don't have anywhere as many reports
> on Bugtraq as NT, but the security weenies at work are gonna try and
> nail me on this one.
NetBSD has a large enough user base that, among other things, there are
people who closely watch the commit logs of the other BSD projects, so
that as security related problems are fixed, those fixes are integrated
into NetBSD. We also have a very sharp security team ourself -- many
bugs which have been fixed in the other BSDs were found and fixed here
first -- In other words the fact that we don't talk as much about our
security enhancements doesn't mean they aren't very real.
Another advantage of NetBSD from a cryptography perspective is that we
do maintain an international CVS repository in Finland. This allows us
to maintain seperate US and International crypto source trees, allowing
both US and international users to contribute to cryptography in NetBSD.
NetBSD's crypto support includes OpenSSL, IPSec, kerberos 4 and 5, and
>2. Will the recently imported KAME stuff provide IPSEC for IPv4?
Yup. Right now, this is only in NetBSD-current, but it will be in 1.5,
of course. In addition, KAME do provide a release for NetBSD 1.4.1,
though you need to get it seperately and apply it yourself.
>3. I noticed that there's a project to incorporate userland PPP. How's
> that going? Anyone want a willing tester?
We support ppp using the standard pppd distribution (userland daemon
with kernel ppp pseudo-device), including support for synchronous and
asynchronous ppp, and have code in pkgsrc to support ppp-over-ssh and
PPTP VLAN setups. I believe ppp-on-ethernet is on it's way, but someone
else should comment on this...
>4. Soft Updates? I know that there was some work to integrate it. Did
> it ever get integrated?
There is a mostly-working port of this work, but it needs to be finished
- -- ISTR that it builds and runs but has a few bugs which needs to be
ironed out before it can be brought into -current.
>5. Is the Xircom CreditCard 10/100 CE-10/100 multilink card supported?
Don't know about this one.
Anyway, above are some of the reasons I use (and develop for) NetBSD.
Hope it helps...
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
-----END PGP SIGNATURE-----