* Vince Hillier <vdh () plutonium homeunix com>:
-----BEGIN PGP SIGNED MESSAGE-----
As to openBSD is more secure, I think your opinion is flawed heavily.
A box is only as secure as it's maintainer makes it. BSD claims we're most secure out of the box.
They forget to mention that they run less services out of the box.
As for auditing, almost evertything goes under an audit at one point or another, so why do we have security issues?
Because people audit the code, and what do people make? That's right, mistakes.
As for what you should use, you shouldn't have to ask people this, you should choose what you like and you are most
This nonsense that X OS is more secure then X is crap. If you go ahead and install all kinds of services on a
OpenBSD box, and never update them, then your OpenBSD box is no more secure then a house with no dorrs/windows. Same
with Linux. If you disable all the services but the ones needed to function, your box is pretty secure as long as
you maintain it.
- - -----Original Message-----
From: Ash [mailto:ashcrow () phreaker net]
Sent: Thursday, October 31, 2002 5:28 PM
To: GSG Designs; security-basics () security-focus com
Subject: Re: Newbie: RedHat 8 or OpenBSD??
On Wednesday 30 October 2002 03:56 pm, GSG Designs wrote:
I'm fairly new to this, so please bare with me. If this question has been
asked in the past, I apologize. I'm new to the listserv as well.
Welcome to the list!
We are discussing starting our own web server. There is debate on whether
RedHat 8 or OpenBSD is more secure. What are your thoughts? We will be
doing online orders with credit card info, etc. Do you have any resources
to point us to? (We will be running Apache, probably a 'duh'.)
OpenBSD is more secure. A lot of the code has been patched for strl* functions
isntead of str* for one, there was a code audit, there is integrated suport
for crypto, and it's the main focus of the project. One of the drawbacks to
Red Hat is they like to use the latest software which can lead to the latest
On a more practical note both can be setup to be 'secure' but it has been my
experience that OpenBSD takes less time as long as you are comfortable in a
- - ---
Darkfire Secure Linux
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 294) Beta
-----END PGP SIGNATURE-----