|
News News regarding BSD and related. |
|
Thread Tools | Display Modes |
|
|||
Maybe, maybe not. We don't have all the details, nor is it likely we ever will.
A lot of Open Source development is done for free -- which sounds nice, but developers need to make a living too in order to support themselves & their families. Most any form of development takes a substantial amount of time, so it is always a balancing act between finding employment, keeping overseeing management happy, & making progress on both Open Source interests as well as work which generates income. Finding balance amongst all of these opposing forces is a hard & constant dance. It is not uncommon to short some tasks in order to get others done more quickly. These are the realities of software development everywhere. The point you should take from this is that the development process is complicated & hazy at best. It is difficult to impossible to know in advance how much time any piece of work will take to complete, & some will do certain tasks more quickly than others. Does the OpenBSD project require developers to make commitments to what work they will complete? I don't know. From a project management standpoint, I suspect Theo tries to stay on top of anticipated goals along with actual progress made, however, I doubt that any agreement made with individual developers is legally binding. Do developers change jobs while still being official project developers with commit status? I'm sure the answer is yes. Changing jobs is a fact of the industry. Does this change how much time developers can provide to the OpenBSD project? Yes. So, what is different about Conformal? I don't know other than that a number of experienced OpenBSD project developers have gone to work there, & as a result have left the project altogether. I am sure Theo is not pleased with the number of people leaving, & he is openly voicing displeasure. Could these developers have worked for Conformal AND still be OpenBSD developers? This question is even harder to answer, & I certainly do not know all details. What you should take away from reading the misc@ thread is that there are some very strong personalities involved who are OpenBSD developers. This is true of most development efforts. Some of those who have broken away to start Conformal also have strong personalities. Currently the two sides disagree, & each has a position they believe is correct. Maybe one is more correct than the other, I don't know. As we have attempted to elude to here, the differences are large enough between people with sufficiently strong personalities that resolution is not going to happen quickly if ever. I also believe the situation is complicated enough to make labeling as "unethical" far too simplistic a response. We don't know everything involved, & we aren't likely to ever know all the details. Being outsiders, it really isn't any of our business to probe any further other than read what is publicly stated. All any of us can say with certainty is that it is an unfortunately event for both sides. Nothing more. |
|
|||
Quote:
Yes, I agree.
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
|||
Sir ocicat , thank you so much for the interesting post.Yes they are great men ! who can deny this ?
Theo disapproved -not of the fork itself- but of the way it has been done : underhand. As a simple OpenBSD user/enthusiast, I consider Theo on top of those great men. I first saw him on a Business Channel talking to Howard Green who was astonished at him being the first project leader who's not motivated by money .. dialectically then,what could have motivated Theo and Team all these years ?? the backdoor incident & how Theo reponded to it shew something about it.Some men are not for sale.They can sell the world for an ideal. And we have to support those to preserve that ideal. |
|
|||
Are you saying that OpenBSD having fewer vulnerabilities year after year is just a random occurrence?
|
|
|||
I'm only comparing numbers. But the fact remains that OpenBSD while great for firewalls or routers is really marginalized in some aspects by advancing technologies.
If you have a 1TB disk and install OpenBSD then you likely will have a lot of wasted disk because OpenBSD will not add virtualization such as FreeBSD Jails or Solaris Zones. Theo can rant all he wants that virtualization leads to vulnerabilities and therefore he refuses to incorporate it. But looking at the numbers, AIX and FreeBSD have virtualization in the base OS and by the numbers it doesn't matter. OpenBSD may also have a web server in the base install, but it is Apache 1.3. Does it really matter that the Apache code has been audited and may have had some code changes for it to be in the base install, since that version is mostly a relic? They claim only two remote holes in the base install, which is great, but as outlined in two cases above, once the server adds additional software such as a newer Apache or something else, those claims become less relevant. And what they do for security, which at one time may have been cutting edge (ProPolice, W^X), other OS's have adopted them too. It is my firewall and mail server, but to continue making such claims while refusing to merge newer technologies what does it matter given that others have statistically no more vulnerabilities but offer more flexibility? |
|
|||
Quote:
Quote:
Quote:
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
|||
Quote:
http://marc.info/?l=openbsd-misc&m=134004484816443&w=2 |
|
|||
who's still using 4.9 or earlier ??
|
|
||||
@daemonfowl
It does not matter, it does show that OpenBSD has got the same vulnerability as others, nothing special about OpenBSD's security policy here
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd |
|
|||
Quote:
Granted, the same thing is there on the FreeBSD release packages, but you at least have the option with ports or tracking -stable. |
|
|||
Angry hackers are always invited to discover *more* security holes and express their moral right to help advance IT and Sec , or their human right to undermine a reputation .. :-)
Many forget the size of the project and just want it to provide full security+bleeding edge tech+all that every soul would want : " You can have anything you waaaaant , You can drift you can dream even walk on water anything you want .. " (What do you want from me , Pink Floyd) Until then , OpenBSD is what it claims to be : FFS , Free/Functional/Secure. |
|
|||
Quote:
Nonetheless, OpenBSD does still have unique security features that others don’t. For instance, it has several extra malloc() options and other memory protections that are extremely helpful at flushing out bugs. I once tried to run some NetBSD code (encryption code, no less!) on OpenBSD, but it crashed instantly. There were several double free()s and reads past the end of buffers, yet the program ran without complaint on NetBSD. I sent the fixes upstream, of course ☺ Quote:
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
||||
Quote:
But does that mean that Linux is more secure then OpenBSD? [1] http://www.esecurityplanet.com/windo...six-years.html
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
why does it fail to create drawable ? | daemonfowl | OpenBSD General | 4 | 11th May 2012 03:33 PM |
g4u -> create just one boot floppy | ccc | NetBSD General | 4 | 19th June 2011 04:46 PM |
Create ISO from Dump Files | revzalot | OpenBSD Installation and Upgrading | 3 | 2nd December 2010 08:49 PM |
How to Create a Bootable CD from an .iso file | rtwingfield | FreeBSD Installation and Upgrading | 4 | 22nd June 2010 10:08 AM |
OpenBSD: create user sh script | J65nko | Guides | 3 | 31st January 2010 08:29 PM |