Subject: Re: sparc station 5-170 (turbo sparc)
To: Chris Amthor <amthor@chroam.de>
From: David Maxwell <david@vex.net>
List: port-sparc
Date: 06/13/2003 09:43:58
On Thu, Jun 12, 2003 at 06:39:59PM +0200, Chris Amthor wrote:
> On Thu, Jun 12, 2003 at 08:03:49AM -0700, Anthony Watters wrote:
> > With that in mind, could someone recommend a specific linux distribution
> > that works on a SS5-170? 
> 
> Especially if you plan to use the box as a firewall, I'd recommend
> running NetBSD rather than any GNU/Linux distro. From a security view,
> you may also want to have a look at OpenBSD.
> 
> *duck* ;)

I'll bite on that troll ;-)

Although OpenBSD makes a big, public marketing push about 'Security', if
you investigate carefully, you will find several things:

OpenBSD often hypes 'Security improvements' which fail to address a
fundamental problem, in such a way that security is not actually
improved at all. (I believe the most recent example of this is their
talk about privilege separated XFree86.)

OpenBSD's development model seems to encourage 'fast and loose' changes
to code. They have in the past announced patches to bugs which only
existed in OpenBSD because they were newly introduced errors there.
(OpenSSH suffers similarly, as you can see by comparing its security
history with the ssh.com daemon) (An example of this would be dropping
the well-baked IPFilter firewall support over a mostly invented license
issue (that would have been easily resolved, had cooler heads prevailed)
and replacing it with a not even half-baked PF. This is not to say that
PF might not possibly have a cleaner, more modern design, but removing
support for a well-tested firewall, and forcing all users to migrate to
a brand new codebase... That doesn't look like a change having users'
system security foremost in mind.)

The NetBSD Project does not engage in smear campaigns, or negative
marketing in general, so on the official website, you'll not find a list
of 'Why NetBSD is better than Linux, FreeBSD, OpenBSD...', instead
you'll find only a listing of the good qualities that NetBSD provides.
It is unfortunately true that many users of an OS are not technically
savvy enough to make a comparison on their own, and so they end up
relying on the marketing that they do hear.

So, in my opinion, if you were to take a close look, you'd find that
each of NetBSD and OpenBSD has some areas of security tools which are
superior to the other, and be sure to take policy, procedure, and its
consistent application into account when choosing an OS you can rely on
for your security needs.

							David