I'm only comparing numbers. But the fact remains that OpenBSD while great for firewalls or routers is really marginalized in some aspects by advancing technologies.
If you have a 1TB disk and install OpenBSD then you likely will have a lot of wasted disk because OpenBSD will not add virtualization such as FreeBSD Jails or Solaris Zones. Theo can rant all he wants that virtualization leads to vulnerabilities and therefore he refuses to incorporate it. But looking at the numbers, AIX and FreeBSD have virtualization in the base OS and by the numbers it doesn't matter.
OpenBSD may also have a web server in the base install, but it is Apache 1.3. Does it really matter that the Apache code has been audited and may have had some code changes for it to be in the base install, since that version is mostly a relic?
They claim only two remote holes in the base install, which is great, but as outlined in two cases above, once the server adds additional software such as a newer Apache or something else, those claims become less relevant. And what they do for security, which at one time may have been cutting edge (ProPolice, W^X), other OS's have adopted them too.
It is my firewall and mail server, but to continue making such claims while refusing to merge newer technologies what does it matter given that others have statistically no more vulnerabilities but offer more flexibility?
|