Thursday, April 22, 2021

OPNsense and HardenedBSD are parting ways

Dear all,

During the last 6 years we have followed a strategy where we included HardenedBSD patches on top of FreeBSD to construct the operating system on which OPNsense relies. Most of our system has been FreeBSD-based, combined with security patches and more security-centric defaults for different areas of our system.

Since most of the surrounding world, when supporting *BSD-based operating systems, aims for FreeBSD, we do value great interoperability with FreeBSD, since that is what the general developer community is focused on. This is not a change of strategy, but merely an explanation.

Over time we have seen that building on top of HardenedBSD does not always guarantee interoperability, which means that issues we or our users run into are not always very widespread and have the tendency to complicate tracking issues. Since the HardenedBSD team is quite small, chances that issues are caught before we run into them are unfortunately not very substantial.

From time to time we considered leaving HardenedBSD; at some point in time there was practically no movement, but when things seemed to have picked up again last year we decided to wait and see if it would improve the situation, also because FreeBSD did not incorporate some of the security enhancements which we have been delivering since 2015.

With FreeBSD 13 released and the growing interest in security, we think it is now time to change our strategy a bit and focus our efforts further on FreeBSD to help improve security as much as we can. In time there is a risk that HardenedBSD additions are less compatible with new FreeBSD security features. For this reason we are aiming to incorporate FreeBSD 13.x into OPNsense 22.1 in January 2022. Since Shawn has been a core team member due to the involvement in our operating system, we decided to remove him from our core team as well.

Obviously we wish HardenedBSD and Shawn a bright future; maybe in time more of the original concepts and ideas will land in FreeBSD. We as OPNsense remain focused on security, but also believe more eyes help improve security, as we have seen on our codebase as well with all the people involved in different areas of our project.


Stay safe,
Your OPNsense team



from Hacker News https://ift.tt/32EM70Z
