Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Operating Systems Software Encryption Security BSD

OpenBSD 4.5 Released 118

Posted by timothy from the belts-and-suspenders-and-guns-and-mines dept.
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
This discussion has been archived. No new comments can be posted.

OpenBSD 4.5 Released More

OpenBSD 4.5 Released

Comments Filter:

  • Re:Not like that... (Score:3, Interesting)

    by colonelxc ( 1467119 ) on Friday May 01, 2009 @05:20AM (#27784629)
    It's a spectrum, and not all OSes are good for all applications. I for one am glad that there are people taking security seriously in an OS. Maybe it's hard to use for the average user, but in server and embedded environments, it excels.

    You can also bet that other *nixes (especially other BSD flavors) take hints on how to secure themselves from OpenBSD.

    Use whatever OS suits your needs best, just don't try to bring other distros down for not following your vision.

  • application security? = fail (Score:2, Interesting)

    by Anonymous Coward on Friday May 01, 2009 @05:24AM (#27784647)

    The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.

    Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security focused project to expect it's users to run the same old static version for circa 6 months till the next version arrives.

  • Re:Same day as Solaris 10u7 (Score:1, Interesting)

    by Anonymous Coward on Friday May 01, 2009 @05:30AM (#27784669)
    I doubt that there was any intention to that. OpenBSD releases are usually released very regularly from year to year.

  • Re:Not like that... (Score:3, Interesting)

    by fadir ( 522518 ) on Friday May 01, 2009 @05:38AM (#27784705)

    I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.

    But it has its small niche market and lives there happily. Additionally we all benefit from this project one way or the other (OpenSSH, etc.)
    It's a bit similar to Minix: interesting and certainly helpful in its own way. But nothing for everyday usage.

  • Re:application security? = fail (Score:3, Interesting)

    by Anonymous Coward on Friday May 01, 2009 @05:54AM (#27784757)

    Actually, they do provide a patch branch of the core release for 1 year post release, they just don't provide any application updates during that time. What they advise against is running a stable branch for the core OS, and running a current ports (don't cross the streams - that would be bad?).

  • Re:Not like that... (Score:1, Interesting)

    by Anonymous Coward on Friday May 01, 2009 @07:05AM (#27785019)
    There is a difference between binary blobs and firmware. And it is significant. Firmware is part of the hardware. Of course we all would rather completely open hardware, but software that runs in kernel mode is of higher priority to me. Also software encumbered by patents and proprietary undocumented formats.
    I use Linux over Windows, but the version I use is unfree and I use it specifically for its unfree features(Namely Skype and legal DVD playback, not that I actually use the latter) so I really could use either at that point.

  • Where OpenBSD falls down... (Score:3, Interesting)

    by metrix007 ( 200091 ) on Friday May 01, 2009 @08:07AM (#27785301)

    Is the lack of RBAC and MAC, or any decent non discretionary access controls.

    Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.

    It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.

    As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.

  • Re:Where OpenBSD falls down... (Score:2, Interesting)

    by Anonymous Coward on Friday May 01, 2009 @09:06AM (#27785787)

    Except most large apps and all the expensive consultants immediately go "Turn off SELinux" as soon as _anything_ goes weird or not-as-I-remember-from-class, which teaches admins to also turn off that pesky security as soon as something important breaks. Then you reinforce that idea further, "SELinux is fine, especially when turned off" and you still end up choosing between the "far more secure" system that makes your boss want to fire you for not getting the app work, or a "normal" unsecure linux without any extras.

  • Re:Not like that... (Score:3, Interesting)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Friday May 01, 2009 @10:48AM (#27786929) Homepage Journal

    Keeping systems up-to-date, both base system and userspace stuff, is much easier on Debian-based systems, IMO.

    I upgraded to 4.5 this morning, and the package upgrade instructions [openbsd.org] were to run pkg_add -ui -F update -F updatedepends. Now, I'm typing this on Ubuntu, and I use FreeBSD on most of "my" servers, but that just about as convenient as it gets.

Slashdot Top Deals

Two can Live as Cheaply as One for Half as Long. -- Howard Kandel

Close