logoalt Hacker News

tredre3today at 6:40 PM1 replyview on HN

The fact that most security researches tend to bullshit to pump up their numbers doesn't mean that OpenBSD isn't selective.

The main claim from OpenBSD is "Only two remote holes in the default install since forever".

It is technically true. But it's also selective because they deliberately disable every service by default and don't install any software beyond core.

Once the OS is configured to be useful, we're far from the default install and they would (and have!) refuse to update their motto when confronted with RCEs in those parts.

Which is fair enough! You gotta draw the line somewhere. But that's still being very selective.


Replies

mmoosstoday at 7:42 PM

> they deliberately disable every service by default and don't install any software beyond core.

Do you prefer that or everything (or most/many services) being enabled by default? It's a good practice and, for me, very practical - I don't need to find everything I'm not using and disable it.

show 1 reply