

OpenBSD 4.7 Released - tshtf
http://www.openbsd.org/47.html

======
zokier
"Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support"

Interesting that they are still on 1.3 rather than 2.2. I guess its easier to
secure with smaller/older codebase.

edit: Kinda sad that they have given up commentaries with their songs. Still
awesome for having the songs anyways.

~~~
danudey
I understand their reasoning, of course, because there's such a thing as
principles and I can respect that. Still, how many of their users stay on 1.3
because of those same principles? How many just go and compile their own (un-
secured) version of Apache 2.x instead?

OpenBSD has two major driving philosophies that I'm aware of - freedom of code
and security of code - but in this case I have to wonder which one is more
important. Is it more important to be as free as possible, even knowing that
most (competent) admins will replace the secured Apache 1.3 with the non-
OpenBSD-secured 2.2? Or should OpenBSD relent and include a secured Apache 2.2
in the default install, even though it's _not as free as they would like_ ,
despite still being arguably 'free'.

As a pragmatist, I'd much rather have a secured 'slightly less free' OpenBSD
install vs. a 'less secured' 'slightly less free' OpenBSD install. Maybe
that's just me though.

~~~
JoachimSchipper
It's a license issue.

Anyway, Apache 2.x is in ports nowadays; it hasn't been patched for security
to the extent that the system Apache has been, but it's not a compile-your-own
scenario.

------
ebiester
Netcraft confirms... sorry.

I've never understood why low cost router and firewall software has tended to
use Linux rather than OpenBSD or NetBSD, which has by and large pulled the
security advantages from OpenBSD.

~~~
protomyth
I tend to use it for basic services (firewall, dns, e-mail) that I want to
start with a decently secured base. It is actually pretty quick to install a
server if you keep decent track of the config files and keep the ports handy.

------
protomyth
Take a look at the changes to pf.conf when upgrading.

------
againstyou
i liked the 4.7 logo, i´ll buy the t-shirt

