Hacker News new | past | comments | ask | show | jobs | submit login

OpenBSD is also known for this. They constantly push back against adding configuration knobs or running non standard configurations.

Have you used OpenBSD? You're telling them they should be doing something, that is already basically their mission statement.




Looking at OpenSSH tells a different story. It is a massive, overly configurable behemoth. The 'WireGuard of SSH' would be 1% of the LOC. It would not provide password auth, or let you log in as root with password auth, or let you use old insecure ciphers.

Maybe OpenBSD itself is better at sticking to these principles than OpenSSH. I haven't used (experimented with) it for ~5 years but read about various updates every so often.


You seem to be confusing "OpenSSH" with "OpenSSH Portable Release". As explained here: https://www.openssh.com/portable.html

> Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems.

Unless you actually run OpenBSD, what you think is "OpenSSH" is in fact "OpenSSH Portable Release". These are very different things.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: