Subject: Re: questions about netbsd
To: KroNiC~BSD <kronic_bsd@fastmail.fm>
From: Richard Rauch <rkr@olib.org>
List: port-i386
Date: 02/09/2003 16:34:16
Re. http://mail-index.netbsd.org/port-i386/2003/02/09/0020.html

As Manuel Bouyer said:

> Quoting Hubert Feyrer on -advocacy:
> "NetBSD has the lowest number of incidents reported on the Bugtraq mailing list"

Given that the systems watch each other, and often these issues
are examined on multiple OS's, there is a temptation to interpret
this as: NetBSD has fewer problems.  (If the projects didn't watch
each other, you could also take the view that this meant that others
are more vigorously examined.  I don't think that that's warranted,
but you can take it however you please.)

As for "how secure" NetBSD is: My (admittedly amateurish) perspective
is that security isn't something that comes in a sticker you put
on your machine, and isn't something that's part of the OS, provided
that the OS has known problems closed by the time of each release.

Security is a matter of keeping yourself informed, of educating
your users, and of setting out policies and habits for yourself.

The only objective area that I am aware of where NetBSD may be less
secure is in that it does not (so far as I know) include support
for encrypted filesystems or swap.  Is that important?

For me: Not really.  There is little or nothing on my computers
that would harm me if others had it.  I am more concerned about
loss of unbacked up data, loss of my own access to the hardware,
and lost time to recover from backup.

If you have systems that are known to have information that others
would like illegitimate access to, the situation may be different.
If this is a real issue for you and not just a check-box on some
list, you can probably add this one feature yourself.  Or you could
just specifically encrypt/decrypt the few files where this matters.


-- 
  "I probably don't know what I'm talking about."  --rkr@olib.org