On Wed, 24 Oct 2007, Jeremy Huiskamp wrote:
> On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote:

quoted text
> > At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:

> >> You must be more qualified with regards to the actual code than I am

> >> because I flat out don't believe this at all.

> >

> > Believe what? OBSD is secure? I thought you were proud of the

> > project? Sheesh! If our leader doesn't believe OBSD is secure, we

> > ALL better be running for cover. Linux, anyone?

>

> So you judge the security of the operating system by how many

> (possibly brash) risks its developers are willing to take with it?

>

Huh? What does that have to do with the number of known exploits for a

given OS?

A simple measure of an OS 'security' is the simple metrics of known

exploits that have been identified.
Certainly OBSD ranks high on the list, which is one reason why we're here.

Certailny good developers are important and appreciated.
The fact that Microshaft crap has hundreds or thousands of vulnerabilities

is the other extreme of the list.
> That's counter-intuitive.  If I'm looking for security, I'd rather

quoted text
> get my software from a developer who isn't satisfied because (s)he is

> more likely to work harder to improve it and be much more careful

> while doing it.  If confidence is all that matters, then heck, lets

> get rid of all the privilege separation and other risk-minimizing

> techniques because you don't need them when your code is flawless right?

>

I have no clue what you're trying to say??? The original comment was the

the number of vulnerabilities is a inverse measure of the security risk

associated with a given OS.

	Lee
================================================

  Leland V. Lammert            lvl@omnitec.net

    Chief Scientist     Omnitec Corporation

 Network/Internet Consultants   www.omnitec.net

================================================