Linked by fvillanustre on Fri 6th May 2011 22:19 UTC
Talk, Rumors, X Versus Y When comparing the evolution in market share of Linux and OpenBSD, two operating systems that were born around the same time, a question comes to mind: why is there such a difference in market penetration? Linux, on one side of the spectrum, with a license that supposedly impairs commercial venues, has enticed companies and organizations to adopt and support it under varying commercial models, while the BSD derivatives (FreeBSD, OpenBSD and NetBSD), with a larger history and an allegedly more commercial friendly license haven't been as successful to gather a large installed base and widespread adoption.
Thread beginning with comment 472169
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Because....
by sakeniwefu on Sat 7th May 2011 15:38 UTC in reply to "RE[3]: Because...."
sakeniwefu
Member since:
2008-02-26

They also advertise/hype stuff that's common practice in many open source projects anyway. Like code reviews or considering missing or wrong documentation as a bug. Not bad, but sounds like hype which they pretend to not do.


Frankly, that might be the case for some projects but it is far from usual. I recommend De Raadt's speech on the release process. Compare with Xorg. Not the fixed version in your OS but the real thing.

Also I wonder about the fact that they always ask for donation, especially because everyone uses OpenSSH (damn awesome software!), but don't participate in Google's Summer of Code.


My guess? They don't want to deal with people feeling entitled to commit their cool stuff on one hand, and students that still have many things to learn bothering them on the other.

The OpenBSD developer team is built on trust. They expect one to make many minor contributions, do boring testing, etc before being allowed to play with a new malloc.

Other projects would just review the contributed source and commit.

This attitude probably throws away perfectly good code but consider the following:
"My code is secure" - Anonymous Coward.
"My code is secure" - Someone who you know has picked up and fixed many bugs in the past.
BTW, trust is there "in addition to" code reviews, not "instead of".

ACLs, jails, package signing will be there the day someone willing to do the hard work and make them acceptable to the existing devs. In OpenBSD, "stupid" is a synonym for "No one has been willing to do it right".

For example ways to deal with the insecurity of the C programming language. I think they'd be able to create lots of problems to deal with that problem, but lately they seem more interested in removing GPL code.


The "insecurity" of the C language has been dealt with as far as they are concerned. They are more worried about higher level bugs such as juggling with permissions, trusting user input, race conditions, algorithm holes, etc. Haskell, Java or C, it doesn't matter if something is logically wrong.

Reply Parent Score: 4

RE[5]: Because....
by reez on Sat 7th May 2011 21:36 in reply to "RE[4]: Because...."
reez Member since:
2006-06-28

This attitude probably throws away perfectly good code but consider the following:
"My code is secure" - Anonymous Coward.
"My code is secure" - Someone who you know has picked up and fixed many bugs in the past.
BTW, trust is there "in addition to" code reviews, not "instead of".

ACLs, jails, package signing will be there the day someone willing to do the hard work and make them acceptable to the existing devs. In OpenBSD, "stupid" is a synonym for "No one has been willing to do it right".

It's not like they have to commit it if they don't want to, but I don't see a real reason for not participating at all. I mean yeah, I know the OpenBSD community and stances well enough to know that they don't want to do this, but they are able to review it and if there is any doubt they can throw it away. They are doing code audits anyway, so why not accept some additional code and money? Maybe they could get some new commuters.

Also I think most people wishing to take part in GSOC programming for the OpenBSD would know who they are dealing with and what is expected. Also there are certainly projects where people wouldn't be able to cause too much harm.

They could state all this together with their avialable projects.

Reply Parent Score: 2

RE[6]: Because....
by YALoki on Sat 7th May 2011 22:39 in reply to "RE[5]: Because...."
YALoki Member since:
2008-08-13


It's not like they have to commit it if they don't want to, but I don't see a real reason for not participating at all. I mean yeah, I know the OpenBSD community and stances well enough to know that they don't want to do this, but they are able to review it and if there is any doubt they can throw it away. They are doing code audits anyway, so why not accept some?


Where do you get the idea that OpenBSD does not accept code from people outside the developers?

Several of the developers work for companies that use OpenBSD in their products and contribute code and, from the other side of the fence, there are people like me who have contributed code and had it accepted.

My case was one of the classic OpenBSD cases: "If you have an itch, scratch it". Or, in other words, "Shut up and hack!"

I wanted extra functionality in a key component in the OS so I wrote the added code and generated diffs and submitted them and they were accepted overnight and committed with Theo's OK.

I used to be an IBM Linux instructor and got tired of all the crap man pages, the lousy "How-to" meme and the "market share is a measure of quality" ethos.

It is puzzling to me to see people who couldn't read source code to save their lives carrying on about how good the GPL is and, whilst I was building secure firewalls for major players in the financial sector using OpenBSD, some Linux distros had hackable keys due to a slack coder in one well known organisation.

I see people in this discussion rubbishing OpenBSD's attitude to blobs. The same people who want code to comply with the GPL.

So, they are prepared to put up with junk code from hardware suppliers? No source for the blobs so that you can still have drivers when the OS updates and the OEMs don't?

They can live with their faulty RAID controllers that the maker can't fix but a really good coder could?

Strange people..

Reply Parent Score: 2