On Fri, Feb 13, 2004 at 05:12:12PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote: > On Fri, Feb 13, 2004 at 11:24:59AM +0000, Andrew Suffield wrote: > > On Thu, Feb 12, 2004 at 05:09:46PM -0600, Manoj Srivastava wrote: > > > 1) Do you think that OpenBSD 's repuation as a secure OS is > > > justified? Does the secure part of OpenBSD provide a useful platform > > > for your needs? Would SELinux meet or exceed the needs for a > > > secure OS for you? > > > > I think that regular Debian equals or beats the exact claims made as > > to openbsd's "security" (which aren't much - just regarding holes in > > the default install that can lead to a remote root compromise). Note > > that this mostly says "We have a default install that doesn't do > > anything, too". > > Umm.. it's really a default install with no network services, which is > usually quite ok for most users. Our "default" general install is much more > bloated. And precisely how many network services does it include? Anything that doesn't listen on a network port can't be a remote root issue. (I checked first. Did you?) > Also, the user-space has been audited, something we cannot say we have done > ourselves. [3] In and as of itself, that means nothing. Audited by who, how hard, with what objectives, for how long, and how much code was checked? How much of that code is actually shared with Debian? What about other independent auditing groups? -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature