On Tue, 22 Sep 1998, Jonathan Stone wrote:
>(i) I think you're saying, that, (except exportable crypto),
>     OpenBSD in fact does not do particularly more about security
>     than NetBSD; they just do better marketing of the job they do.
>     Is that right?

  At this point I should probably point out a conversation that I had with a
friend and former coworker, a reasonably well-known network security expert, a
month or so ago.  I caught up with him after having lost touch for a couple of
months, and he told me about the sparc10 he picked up recently...of course I
asked "so man, what are you running on it?"  He said "Well you know I'm sick of
SunOS, and Solaris blows...so I'm running OpenBSD."  I responded with "Hmm...why
OpenBSD instead of NetBSD?"

  His response was "It seems like pretty much the same OS, but OpenBSD is
much more security conscious, so I went with that."

  Maybe a NetBSD security web page wouldn't be such a bad idea.  We *are* doing
good work to deal with security issues.  It's about time someone other than the
developers found out about it.


                                         -Dave McGuire