Content deleted Content added
→Other features: Merged paragraphs about pledge(2) and about unveil(2); added explanation of both together; added Firefox as an additional example of a 'pledged'/'unveiled' application. |
→Other features: OpenBSD is secure by default, to not waste users' time and to require conscious decisions to reduce security. |
||
Line 46:
OpenBSD has a history of providing its users with [[Full disclosure (computer security)|full disclosure]] in relation to various bugs and security breaches detected by the OpenBSD team.<ref>{{cite web |url=http://bsd.slashdot.org/story/00/12/11/1455210/theo-de-raadt-responds |title=Theo de Raadt Responds |last=Miller |first=Robin |publisher=[[Slashdot]] |date=December 11, 2000 |url-status=live |archive-url=https://web.archive.org/web/20110728031830/http://bsd.slashdot.org/story/00/12/11/1455210/Theo-de-Raadt-Responds |archive-date=July 28, 2011 |access-date=May 16, 2014 }}</ref> This is exemplified by [[OpenBSD#Slogan|the project's slogan]]: "Only two remote holes in the default install, in a heck of a long time!"
OpenBSD is intended to be secure by default, which includes (but is not limited to) having all non-essential services be disabled by default. This is done not only to not require users to learn how and waste time to secure their computers after installing OpenBSD, but also in hope of making users more aware of security considerations, by requiring them to make conscious decisions to enable features that could reduce their security. <ref>{{cite web |title=OpenBSD: Security — "Secure by Default" |url=https://www.openbsd.org/security.html#default |website=www.openbsd.org |access-date=27 September 2023}}</ref>
In OpenBSD 5.3, support for [[full disk encryption]] was introduced,<ref>{{cite web|title=OpenBSD 5.3|url=http://www.openbsd.org/53.html|website=OpenBSD|access-date=May 26, 2016}}</ref> but enabling it during the installation of OpenBSD had required manual intervention from the user by exiting the installer and entering some commands. Starting from OpenBSD 7.3, the installer supports enabling full disk encryption using a guided procedure, not requiring manual intervention anymore.<ref>{{cite web |title=OpenBSD 7.3 |url=https://www.openbsd.org/73.html |website=www.openbsd.org |access-date=19 April 2023}}</ref><ref>{{cite web |title=Initial support for guided disk encryption in the installer |url=https://undeadly.org/cgi?action=article;sid=20230308063109 |website=undeadly.org |access-date=19 April 2023}}</ref>
| |||