OpenBSD 4.5 Released 118
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
Re:Not like that... (Score:3, Interesting)
You can also bet that other *nixes (especially other BSD flavors) take hints on how to secure themselves from OpenBSD.
Use whatever OS suits your needs best, just don't try to bring other distros down for not following your vision.
application security? = fail (Score:2, Interesting)
The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.
Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security focused project to expect it's users to run the same old static version for circa 6 months till the next version arrives.
Re:Same day as Solaris 10u7 (Score:1, Interesting)
Re:Not like that... (Score:3, Interesting)
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
But it has its small niche market and lives there happily. Additionally we all benefit from this project one way or the other (OpenSSH, etc.)
It's a bit similar to Minix: interesting and certainly helpful in its own way. But nothing for everyday usage.
Re:application security? = fail (Score:3, Interesting)
Actually, they do provide a patch branch of the core release for 1 year post release, they just don't provide any application updates during that time. What they advise against is running a stable branch for the core OS, and running a current ports (don't cross the streams - that would be bad?).
Re:Not like that... (Score:1, Interesting)
I use Linux over Windows, but the version I use is unfree and I use it specifically for its unfree features(Namely Skype and legal DVD playback, not that I actually use the latter) so I really could use either at that point.
Where OpenBSD falls down... (Score:3, Interesting)
Is the lack of RBAC and MAC, or any decent non discretionary access controls.
Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.
It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.
As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.
Re:Where OpenBSD falls down... (Score:2, Interesting)
Except most large apps and all the expensive consultants immediately go "Turn off SELinux" as soon as _anything_ goes weird or not-as-I-remember-from-class, which teaches admins to also turn off that pesky security as soon as something important breaks. Then you reinforce that idea further, "SELinux is fine, especially when turned off" and you still end up choosing between the "far more secure" system that makes your boss want to fire you for not getting the app work, or a "normal" unsecure linux without any extras.
Re:Not like that... (Score:3, Interesting)
Keeping systems up-to-date, both base system and userspace stuff, is much easier on Debian-based systems, IMO.
I upgraded to 4.5 this morning, and the package upgrade instructions [openbsd.org] were to run pkg_add -ui -F update -F updatedepends. Now, I'm typing this on Ubuntu, and I use FreeBSD on most of "my" servers, but that just about as convenient as it gets.