OpenBSD 4.5 Released
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
It's a spectrum, and not all OSes are good for all applications. I for one am glad that there are people taking security seriously in an OS. Maybe it's hard to use for the average user, but in server and embedded environments, it excels.
You can also bet that other *nixes (especially other BSD flavors) take hints on how to secure themselves from OpenBSD.
Use whatever OS suits your needs best, just don't try to bring other distros down for not following your vision.
The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.
Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security-focused project to expect its users to run the same old static version for circa 6 months till the next version arrives.
I doubt that there was any intention to that. OpenBSD releases are usually released very regularly from year to year.
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
But it has its small niche market and lives there happily. Additionally we all benefit from this project one way or the other (OpenSSH, etc.)
It's a bit similar to Minix: interesting and certainly helpful in its own way. But nothing for everyday usage.
There is a difference between binary blobs and firmware. And it is significant. Firmware is part of the hardware. Of course we all would rather have completely open hardware, but software that runs in kernel mode is of higher priority to me. Also software encumbered by patents and proprietary undocumented formats.
I use Linux over Windows, but the version I use is unfree and I use it specifically for its unfree features (namely Skype and legal DVD playback, not that I actually use the latter), so I really could use either at that point.
Is the lack of RBAC and MAC, or any decent non-discretionary access controls.
Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.
It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.
As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.
If you ignore ACs because they are anonymous - you're an idiot.
Keeping systems up-to-date, both base system and userspace stuff, is much easier on Debian-based systems, IMO.
I upgraded to 4.5 this morning, and the package upgrade instructions were to run pkg_add -ui -F update -F updatedepends. Now, I'm typing this on Ubuntu, and I use FreeBSD on most of "my" servers, but that's just about as convenient as it gets.
Dewey, what part of this looks like authorities should be involved?