|
|
|
|
|
|
by elektronjunge
4179 days ago
|
|
|
For security probably. But security isn't the only reason that I choose an OS. OpenBSD's security comes at a cost. They are usually late to the party on non-security features. Many of the security features make OpenBSD much slower. Even for security software OpenBSD isn't as big a win as the devs make it out to be. Take for instance PF, OpenBSD developers will be quick to point out that the OpenBSD version is more up to date. But that doesn't tell the whole story, FreeBSD is using a fork which allows for multi-threaded execution which is a must most non-trivial deployment scenarios. Further more OpenBSD often takes to hard of a line on security enhancements with the belief that the kernel should be the line in the sand. Usually, one prefers multiple layers of security but OpenBSD says the kernel is often good enough. See OpenBSD's refusal to add a MAC framework for an example of this. Jails also don't exist for similar reasons, though they are useful for reasons other than security. The source you have for the 'testbed' for new technologies makes the claim but barely has warrant for it. On the other hand, OpenBSD is much more liberal about breaking compatibility especially when it involves security. While I'm not going to excuse OpenSSL, NTP, or Sendmail they are all general robust software that has been in use for decades. Aside from LibreSSL the OpenBSD rewrites have been incompatible. FreeBSD also offers a number of incredibly compelling features outside of what OpenBSD can, or will offer in the short to medium term. I'll just list them: virtualization with Bhyve, boot from zfs, a linux compatibility layer, a much more modern package manager, official java support, the ability to install binary blobs. None of this is to say that OpenBSD isn't a great choice, but recognize there are reasons to choose both platforms and that one doesn't need to spread FUD to advocate for their favorite platform. |
|
|
I think you've incorrectly interpreted OpenBSD's intentions. OpenBSD doesn't support a MAC framework because they believe the best approach to security is correctness, rather than trying to achieve security by adding features which results in more complexity, making it more difficult to ensure correctness. A common mistake people make is thinking that OpenBSD's primary goal is security; their primary goal is correctness. This just happens to result in better security more often than not.