Return to BSD News archive
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!swrinde!howland.reston.ans.net!ix.netcom.com!netcom.com!nc0453 From: nc0453@netcom.com (-) Subject: Re: need secure OS to entrust millions to Message-ID: <nc0453Dn96w6.93F@netcom.com> Organization: Disorganization of Nonmembers References: <4gi6t6$3h9@lace.colorado.edu> <312D2029.FF6D5DF@FreeBSD.org> Date: Sat, 24 Feb 1996 00:04:53 GMT Lines: 59 Sender: nc0453@netcom8.netcom.com Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18058 comp.os.linux.misc:88563 comp.os.linux.networking:29750 comp.unix.bsd.freebsd.misc:14384 comp.unix.bsd.netbsd.misc:2325 comp.unix.bsd.bsdi.misc:2467 In article <312D2029.FF6D5DF@FreeBSD.org>, Jordan K. Hubbard <jkh@FreeBSD.org> wrote: >Bryce wrote: >> I'm writing documentation which advises banks on how to >> setup an electronic banking software package on a >> Net-connected, firewall-protected Intel box. Some of the >> most important banks in the world will be reading this >> documentation very soon. The current version of the >> documentation, which I inherited, advises them to run >> FreeBSD or BSDI. I'm considering changing this >> recommendation to Linux. > >I think this would be an ungodly mistake, frankly. The message sounds like flamebait to me. >Let's say something *does* happen, or CERT publishes an advisory about >some security hole which you don't have the personal resources to fix >and the hackers surrounding whichever free OS you choose are just too Not to split hairs, but you could just as well remove the word "free" from that sentence. Also, one of his candidates was BSDI, which is anything but free. It's actually rather costly, even though I haven't seen many advantages, beyond being able to run Netscape Commerce Server. >busy that week to get to it in a reasonable time frame. Or let's say >that an entirely undocumented security hole is found by a hacker, the >account of one of your customers is cleaned out and he/she sues you for >umpety-ump million bucks. It'll look pretty damning in court if you >have to stand up and testify to the fact that you actually chose a free >OS with no support and no clear lineage of development. In what way will you be safer in court if you bought Solaris or AIX? Regardless of the choice, you need the *same* protection from liability. >Buy a commercial OS and the best support contract money can buy. So that you can place blame on someone else? > It >almost doesn't matter which (though obviously you're also going to want >source code just to cover your butt, so things like SCO are probably >disqualified). Can you name one commercial OS that provides source code? > President, FreeBSD Project Fascinating. FBSD is not a player in the real market, even by your opinion. That shows a desperate lack of vision, I'm afraid. James