
I understand their reasoning, of course, because there's such a thing as principles and I can respect that. Still, how many of their users stay on 1.3 because of those same principles? How many just go and compile their own (un-secured) version of Apache 2.x instead?

OpenBSD has two major driving philosophies that I'm aware of - freedom of code and security of code - but in this case I have to wonder which one is more important. Is it more important to be as free as possible, even knowing that most (competent) admins will replace the secured Apache 1.3 with the non-OpenBSD-secured 2.2? Or should OpenBSD relent and include a secured Apache 2.2 in the default install, even though it's not as free as they would like, despite still being arguably 'free'?

As a pragmatist, I'd much rather have a secured 'slightly less free' OpenBSD install vs. a 'less secured' 'slightly less free' OpenBSD install. Maybe that's just me though.




It's a license issue.

Anyway, Apache 2.x is in ports nowadays; it hasn't been patched for security to the extent that the system Apache has been, but it's not a compile-your-own scenario.



