OpenBSD Journal

Debian GNU/OpenBSD?

Contributed by Dengue on from the comes-up-every-year dept.

sigil writes: "Andreas Schuldei wants to combine the security of OpenBSD with the manageability and usability of Debian. The OpenBSD project has undertaken a huge and tedious task of auditing the kernel code and certain popular server programs. Their approach is to have a small system where security goes ahead of end-user convenience in the cases where these are in conflict. Debian is happy to welcome new software and this is not likely to change, so the solution would be to propose a certain set of packages considered secure along with the OpenBSD kernel.

Snippet: http://www.niksula.cs.hut.fi/~ateras/travel/debian_conference/
slides: http://www.schuldei.org/andreas/talks/lsm-2001/ "

This should spark some interesting comments. It seems like there is always some move to try and create a more minimized, custom OpenBSD-based distribution. Personally, I like the integration of the current method. Having to maintain a bunch of inter-related package dependencies is one of the reasons I switched from Linux in the first place.



Comments
  1. By niekze () niekze@nothing*remove*killsfaster.com on http://www.nothingkillsfaster.com

    I like debian. I love OpenBSD. Apt-get scales better than the ports tree (seen fbsd's ports tree? yeck), but Apt is sloppy and quite the bitch sometimes. I really don't see the point however. If you want Linux with the security of OpenBSD, why not just use OpenBSD? But, I'm preaching to the converted... Nevertheless, I'd like a Linux distro that works *exactly* like OpenBSD. Yeah, it won't be *exact*, but you know what I mean. Gotta put something on those SMP sparcs :)

  2. By ted () ted@unixfoo.ath.cx on http://unixfoo.ath.cx

    Well, I've been using both debian and openbsd for about two years now, and I love both of them. When it comes to packaging systems, apt is great. The only problem I have with apt is there is a lot of muck that gathers on the system over time. By muck I mean configuration files, orphaned libs, etc. I love the fact that OpenBSD has such a clean install. The openbsd ports system is awesome, one can't ever go wrong with it.

  3. By TitaniumFox () dootdoot@coin.org on mailto:dootdoot@coin.org

    ...you don't have to choose. Our family lan seems to have grown to proportions larger than some business lans, and is administrated by both my brother and me. We run a debian server inside the firewall, providing filesharing, etc services to a bunch of linux/win98/win2k machines (about one per room), and a debian machine acting as a semi-secure ftp/http server in our DMZ. Our firewall is an OpenBSD machine, though. Starting out as Linux-junkies, we gradually got tired of all the zealots shouting "Linux - Live Free Or Die," but enjoyed the ease of managing such systems. After an afternoon of fooling around with OpenBSD we found it was almost as easy to configure. It's rather like speaking two dialects of the same language. Anyway, I would enjoy seeing increased security for Debian/GNU boxes, but I don't see giving up OpenBSD as a firewall.

    TiFox

  4. By Anonymous Coward () on

    For *BSD users I think http://www.openpackages.com/html/benefits.php is a lot more promising. A unified ports tree would be quite nice...

  5. By Isak Lyberth () ily@vejlehs.dk on mailto:ily@vejlehs.dk

    The debian project would really gain from this, and it is some great publicity for OpenBSD, but could OBSD gain from it too?
    I think in the long run, yes. The more people who audit code the better, no matter which OS they are auditing for. Better quality code makes it easier for the OBSD audit team.
    So it doesn't really matter if they will move apt to bsd. If they can fix the bugs in apt it could make it easier for newbies to run a workstation.
    Speculations, speculations

  6. By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org

    Actually, the current BSD packaging system is great. Upgrading through CVS and recompiling everything is the optimal system IMHO. Even newer Linux distros like Gentoo Linux are using a similar system.
    Having Debian packaging tools will imply a fork of OpenBSD. That's bad. Some bugs will affect OpenBSD-normal, other bugs will affect Debian OpenBSD, fixes won't be the same, software versions won't be the same, binary packages won't be trusted, etc.
    What OpenBSD needs is more ports, and UP TO DATE ports. And the Debian folks can help on that point. There are active Debian maintainers for every project. Maybe they can also maintain the OpenBSD port of the same software. It's not a hell once a port has already been done. Mostly only the version number and the integrity sum have to be changed.

  7. By Anonymous Coward () on


    Does anyone know if the plans to Debianize the OpenBSD distribution include GPL'ing OpenBSD?

  8. By jxqvg () jxqvg@hotmail.com on mailto:jxqvg@hotmail.com

    Do you really want to hear Stallman insisting that it's GNU/OpenBSD?

    But seriously, won't that just instill a false sense of security in those who choose to use this distro? Considering a set of packages secure would require some pretty serious auditing, and that won't be easy with some of the larger (and probably more important) ones, will it?

  9. By Jeff Flowers () jeff@jeffreyf.net on mailto:jeff@jeffreyf.net

    In regards to the size of OpenBSD, I feel that it is getting too large and too inclusive. In my personal opinion, programs such as Sendmail, Lynx, Perl, and Sudo should all be optional, just as installing the X-Window System is optional. Why do I feel this way? Because having extra binaries that you do not need is, in itself, a security risk. I also dislike cruft.

    Of course, I understand why this isn't being done and since I am not a programmer and cannot help, I have not suggested this to anyone. After all, how much can you complain about a free OS, especially one as good as OpenBSD?

    Just my 2 cents.

    Jeff

  10. By BoBo () none@privacy.org on none

    This should spark some interesting comments. It seems like there is always some move to try and create a more minimized, custom OpenBSD-based distribution. Personally, I like the integration of the current method. Having to maintain a bunch of inter-related package dependencies is one of the reasons I switched from Linux in the first place.

    Amen. Took the words right out of my mouth.

  11. By Milkypostman () milkypostman@yahoo.com on http://www.doncurtis.com

    I see everything right with taking the security of OpenBSD and trying to integrate some better security in Debian Linux, BUT, I see everything wrong with taking things from Debian and making them a part of OpenBSD. Apt is NOT as good as the current OBSD package management system is. What makes OBSD / FreeBSD so great is that there is only ONE ports tree. With debian, everyone and their brother can put up an apt server. OpenBSD is great, don't get mixed up with linux. D.A.R.E. to keep OpenBSD off Linux....

  12. By Anonymous Coward () on

    Debian Guys can always take the code from OpenBSD, whereas OpenBSD guys can't take the code from Debian. As far as I understood, they don't speak about any kind of collaboration with OpenBSD team. So the winners in the story might be Debian guys...

  13. By Anonymous Coward () on

    I remember about a year or two ago someone wanted to build a Debian based on FreeBSD. As usual, a lot of Debian folk complained because the BSD license wasn't pure enough for them. I don't think the project went anywhere as a result (but I could be wrong.)

    I won't stand in anyone's way of someone trying again with NetBSD or OpenBSD or ClosedBSD or AnyOtherBSD, but rest assured the Debian purists will.

  14. By Anonymous Coward () on

    Although not strictly related to the Debian/OpenBSD idea... what are the arguments against supplying binary patches? There could be md5sums of the binaries found on the errata page to ensure integrity. Having to install devel tools on a system with a small hdd and processor gets to be a bit of a pain pretty quickly. Although it seems the occasional patch like the recent nvidia fix has a binary available, most do not.

  15. By Sacha Ligthert () on

    Does anybody know the responses/feelings/thoughts on the Debian side of the story? I'm wondering what they are thinking about it.

    Personally, I am disgusted by the idea of having the cancer playing with OpenBSD code..

  16. By bruj0 () bruj0@securityportal-com-ar on http://securityportal.com.ar

    Yeah it will, know why? Well, let's see. OpenBSD has turned out to be the most ugly OS that I ever saw. And I saw almost all.
    Linux on the contrary, it's smooth, nice man pages. A fscking lot of documentation explaining how to do it. Not just telling you to go RTFM.
    And yeah, it is secure, just not as good as OpenBSD in the firewall business.
    So as you can see I use Linux for normal day to day work and OpenBSD for my firewalls.
    When they both get together it will totally ROCK!

    bruj0-

  17. By Nobody You'd Know () on

    look at all the talk
    and yet not a line of code
    this is laughable

  18. By Anonymous Coward () on

    Unlike several previous abortive attempts, this one has actually gotten off the ground: quite a bit of code has been submitted to the mailing list. The Debian package management tools have been successfully compiled on BSD and a number of packages have been ported over. A basic skeleton system is starting to shape up. There should be an installable version sometime in the near future.

    These are the projected stats on Debian GNU/BSD:

    1. The userland will be the GNU system. This will not be a BSD OS with Debian package management tools installed, this will be the GNU operating system using a BSD kernel.

    2. The kernel will be NetBSD or OpenBSD, with strong talk of a modular kernel system being added so that any BSD kernel can be "snapped in."

    3. Debian package management will be included, of course. Whether or not anything will remain of Ports will be undecided. Ports may be eliminated entirely or it may be beefed up to the sophistication of apt and the two systems integrated together. Nobody knows at this point.

    4. The BSD filesystem will be used at first, with Ext2 support being a task for later. BSD's libc will also be used at first. Some people want to port Glibc, others don't.

    Check the mailing list archives on lists.debian.org for the code and for all the discussion that's been going on lately.

  19. By syscop () ping1@linuxfreemail.com on mailto:ping1@linuxfreemail.com

    I personally think that it's all well and good that people want to hack together a neat hybrid system.
    However, most of us use OpenBSD to work and don't think it needs much that Debian has to offer. How 'bout they all get off their bums and audit the Debian codebase!
