From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Sat, 2 Jun 2007 23:52:43 -0600
Subject: Re: BSD derivatives

On Sun, Jun 03, 2007 at 04:33:01AM +0200, Jona Joachim wrote:
> On Sat, 02 Jun 2007 18:10:27 -0700
> Colin Percival wrote:
>
> > Bill Moran wrote:
> > > OpenBSD puts security higher on its list of project goals and
> > > motivating factors than any other OS I know.
> >
> > I disagree. I'd say that OpenBSD and FreeBSD put security in exactly
> > the same place -- at the top of the list.
>
> Sorry but I have to disagree here.
> FreeBSD ships with closed source software including following drivers:
> ath, nve, oltr, rr232x, hptmv.
> Closed source software implies potential insecurity. If security is at
> the top of the list then I see a clear contradiction here.

More accurately, I'd say that the closed source drivers only imply
priorities contradictory to security if they're installed and active in
default configuration. If it's just a binary lump that never executes,
on the other hand, or is on a server or CD somewhere waiting to be
installed if you want it, that doesn't imply insecurity in the system --
only in the configuration of a system where someone chooses to use the
closed source software. Hopefully that made some sense.

While I tend to agree with the OpenBSD approach to closed source
software in general, I don't think that specifically making it
effectively impossible to use without rewriting key parts of the OS
yourself is a security-oriented decision. Security involves not using
closed source software, not telling everyone else that they can't use it
either.

I'm not saying that's what the OpenBSD project does. I'm just saying
that, for instance, the availability of the ath driver contradicts a
claim that security is a top priority of the FreeBSD project. Only if it
was installed and operational by default would that really be the case.

Obviously, I'm assuming it's not installed by default. From what I've
read so far, it's not -- please correct me if I'm wrong.

--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Amazon.com interview candidate: "When C++ is your hammer, everything
starts to look like your thumb."