OpenBSD is a fork of NetBSD maintained by a very paranoid Canadian man and his cronies. The fork began when Theo was stripped of his NetBSD title for flaming the crap out of people. After losing access to the tree, he tried to submit patches, but they were sadly rejected, and despite talk by the NetBSD people of allowing Theo to merge them himself, Theo was not given CVS. After a few months of pleading with NetBSD's higher ranks, a fed up Theo decided to create his own tree in 1995. Since then it has become known for security. The basic security philosophy is:
- Enable very few daemons by default, and have lean config files. "Secure by default".
- Frequently audit code for exploitable bits
OpenBSD also has out-of-the-box crypto. It was one of the earlier UNIXish platforms to abolish telnet entirely in favor of ssh, with their free rewrite, OpenSSH.
It's certainly the best for an
Internet gateway,
firewall, et cetera. For a
workstation, I'm not so sure it's all that
necessary, because you'd just end up defeating the purpose by enabling a bunch of [potentially exploitable] daemons, changing config files and the like. In such a case it might make a little more sense to use
NetBSD or
FreeBSD (or of course,
GNU/Linux..), leaving your
OpenBSD boxen on the
front lines of
security.