28th August 2009
Oko

Originally Posted by jggimi
I agree with the majority of users (and developers) that not having comp*.tgz available does more harm than good -- in that admins who don't have maintenance tools available don't maintain properly. And an out-of-date system has more risks than an up-to-date one, if everything else is equal.
I agree 100% with you, jggimi. Now look at the rest of my post. I wrote that if he wants to remove the compiler, he has to have another machine which will be used for updating and maintenance of the production machine.

I also know where the OpenBSD developers are coming from. They want a secure-by-default installation, as their working assumption is that an average system admin is an idiot (with which I cold-heartedly agree). In the light of that point of view, they are correct that a system with a compiler is more secure than one without it. But for BSDfun, you, and similarly careful people, theoretically speaking, a system without a compiler is more secure. It is also true that it is far more costly (since you have to run a clone machine with exactly the same software, configuration and the compiler) and complicated to maintain such a computer.

For the record, all my computers, including firewalls, do have a compiler, but if I ran a firewall for a large group of users I would run it without a compiler.