*BSD News Article 62195


Return to BSD News archive

Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!swrinde!howland.reston.ans.net!ix.netcom.com!netcom.com!nc0453
From: nc0453@netcom.com (-)
Subject: Re: need secure OS to entrust millions to
Message-ID: <nc0453Dn96w6.93F@netcom.com>
Organization: Disorganization of Nonmembers
References: <4gi6t6$3h9@lace.colorado.edu> <312D2029.FF6D5DF@FreeBSD.org>
Date: Sat, 24 Feb 1996 00:04:53 GMT
Lines: 59
Sender: nc0453@netcom8.netcom.com
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18058 comp.os.linux.misc:88563 comp.os.linux.networking:29750 comp.unix.bsd.freebsd.misc:14384 comp.unix.bsd.netbsd.misc:2325 comp.unix.bsd.bsdi.misc:2467

In article <312D2029.FF6D5DF@FreeBSD.org>,
Jordan K. Hubbard <jkh@FreeBSD.org> wrote:
>Bryce wrote:
>> I'm writing documentation which advises banks on how to
>> setup an electronic banking software package on a
>> Net-connected, firewall-protected Intel box.  Some of the
>> most important banks in the world will be reading this
>> documentation very soon.  The current version of the
>> documentation, which I inherited, advises them to run
>> FreeBSD or BSDI.  I'm considering changing this
>> recommendation to Linux.
>
>I think this would be an ungodly mistake, frankly.

The message sounds like flamebait to me.


>Let's say something *does* happen, or CERT publishes an advisory about
>some security hole which you don't have the personal resources to fix
>and the hackers surrounding whichever free OS you choose are just too

Not to split hairs, but you could just as well remove the word 
"free" from that sentence.

Also, one of his candidates was BSDI, which is anything but free.
It's actually rather costly, even though I haven't seen many   
advantages, beyond being able to run Netscape Commerce Server.
 

>busy that week to get to it in a reasonable time frame.  Or let's say
>that an entirely undocumented security hole is found by a hacker, the
>account of one of your customers is cleaned out and he/she sues you for
>umpety-ump million bucks.  It'll look pretty damning in court if you
>have to stand up and testify to the fact that you actually chose a free
>OS with no support and no clear lineage of development.


In what way will you be safer in court if you bought Solaris or 
AIX?  Regardless of the choice, you need the *same* protection
from liability.  

>Buy a commercial OS and the best support contract money can buy.

So that you can place blame on someone else?

>  It
>almost doesn't matter which (though obviously you're also going to want
>source code just to cover your butt, so things like SCO are probably
>disqualified).

Can you name one commercial OS that provides source code?


>  President, FreeBSD Project

Fascinating.  FBSD is not a player in the real market, even by
your opinion.  That shows a desperate lack of vision, I'm afraid.

James