Linked by Thom Holwerda on Thu 1st May 2014 10:18 UTC
OpenBSD

OpenBSD 5.5 has been released. As usual, the list of changes goes way beyond my comfort zone - I'm not exactly into the world of BSD - but I'm pretty sure that those that use OpenBSD aren't interested in oversimplified nonsense from people like me anyway.

As always, get it on CD-ROM (I love typing that in this day and age), or straight from a mirror.

Permalink for comment 587964
To read all comments associated with this story, please click here.
RE[2]: Heartbleed alert!
by sakeniwefu on Thu 1st May 2014 23:43 UTC in reply to "RE: Heartbleed alert!"
sakeniwefu
Member since:
2008-02-26

I run current, mind you. That is the only long term security option.
For releases, usually security and reliability fixes are not critical security holes and in parts of base you might not even be using. Some releases had no errata at all before the following release.
Realistically, most people avoid touching working systems. No it is not good, but you can see on the mailing lists that someone periodically asks how to update from 4.5 to 5.x. Do you think they are going to recompile from source once their uptime is larger than zero?
Starting with a release which is vulnerable to a widely known and trivial remote exploit is very dangerous in that context. There is no good way to install a patched system without installing a vulnerable one first.
Unlike most critical security holes to date, with Heartbleed one can get at your data without targeting OpenBSD specifically. It is 100% guaranteed your data will be stolen from a public facing server. My systems are okay but I don't want identity theft platforms all over the web.

Reply Parent Score: 3