Re: OpenBSD's new marketing slogan

From: Michael T Pins (mtpins@visi.com)
Date: 06/26/02 

From: Michael T Pins <mtpins@visi.com>
Date: Wed, 26 Jun 2002 18:38:40 GMT

Jem Berkes <jb2002_padding_@pc9.org> writes:

>> I see they've had to update their web site:
>>
>> http://www.openbsd.org/
>>
>> "One remote hole in the default install, in nearly 6 years!"
>>
>> It has not been a good week for Theo.

>Yeah, the apache and openssh stuff hasn't been too great. But that's still
>an awfully good track record... who can compete with it?

Just about anyone who ships systems with nearly everything turned off by
default?

I've never been impressed with their track record, especially since they
also gave no indication what might (or might not) be safe to turn on. The
recent arrogance about OpenSSH hasn't helped. Theo's comments have
basically amounted to "we can't figure out how to fix OpenSSH, so everyone
should run it in a mode that breaks things, and we'll blame it all on the
vendors for not spending their time to fix our code". Sorry, I don't buy
it.

Yes, the OpenBSD team has done us all a great service with the amount of
code auditing they've done, but their implementations leave a lot to be
desired. 

-- 
**************************************************************************
*     Michael T Pins                 |          mtpins@nndev.org         *
*     keeper of the nn sources       |          mtpins@visi.com          *
*     ftp://ftp.nndev.org/pub        |     #include <std.disclaimer>     *