My impression has been that once they're going they are pretty much the same. I like the fact that Open has a more rigorous security audit of the code and is (theoretically) less vulnerable to buffer overrun type exploits. The "packages" undergo nearly the same audit rigor as the main OS, but the "ports" haven't been audited, so depending upon which services you run, you can open yourself up to exploits in the ported code. You're still no worse off than running another BSD, however.

I like the fact that OpenSSH is already in the OS. I like the extremely robust randomization code in Open, which is implemented throughout the OS, for example in process IDs, etc.

I dislike the fact that the audit process tends to slow down the inclusion of new versions of the packages. For example, Open was still running Bind 4 until a year ago. You could, of course, remove the Bind 4 and install the new stuff, but then you lose out on the benefit of the auditing, so why not just install a more up to date distribution like Free?

Anyhow, I use Open for Samba, firewall, web, DNS, mail and a few other things. It gives no problems and runs along with very little maintenance.

In my personal opinion, updates are less frequently required for security defects with Open. Others have commented that they are comfortable with doing a default install of OpenBSD and letting it run for *years* without updating. Naturally, if you want to take advantage of new functionality you're going to be updating more often.

If all you're using it for is a gateway/router/NAT/firewall machine and you disable all the other services, my guess is you can get OpenBSD running quickly and then forget about it for a *very* long time.

FWIW,
Jim