
Re: Why Linux, Why Debian

On Mon, 16.02.2004 at 12:23:16 +0000, Andrew Suffield <asuffield@debian.org> wrote:
> On Sun, Feb 15, 2004 at 11:52:23AM +0100, Javier Fernández-Sanguino Peña wrote:
> > You seem to have missed my point, I did not say that our default install
> > was less "secure" than OpenBSD's but more bloated. In fact, you have not

Just a quick question, would you judge chargen as a potential DOS
avenue, and/or a security risk for that reason? Or can you probably
argue in which setup these legacy services make sense today?

> > demonstrated that this is not the case.
> Because it wasn't the subject under discussion. You need to look up
> "bloat" in a dictionary though, it doesn't mean "big".

Bloat means to carry a lot of useless stuff along. From my perspective,
and although I like Debian a lot, Debian meets this definition in my
opinion. First things I do after installing Debian are, amongst others,
throwing all that NFS and inetd stuff out of the window.

> > bug.  Consider the case of having a default install which leaves an open
> > relay mail server because there was some error in the package that nobody
> > noticed.
> (logical disconnect)
> > That is less likely to happen in OpenBSD.
> That doesn't follow. Everybody is just going to install one
> anyway. What matters is the default configuration.

Presumably you mean a "mail server", right? Probably you should take a
look again. The standard OpenBSD setup includes a sendmail which is
configured to run only within the local machine (can't quite remember
if SMTP is open on localhost, or not, because I throw that out asap
after install, too).

> "Installing it yourself makes it more secure" *is* the OpenBSD fallacy.

Well, OpenBSD doesn't strictly say: You need to install your own, so
our hands stay clean. Several things are already there, and you need to
"install" as much as to say "yes" or "" (or similar) to enable something
that's not run by default.

And yes, the whole stack and heap protection stuff in OpenBSD should
make it safer in general, no matter how much you want to claim that
that's esoteric.

Just my 0.03 cents as someone who uses both platforms...

