1. 28
  1.  

  2. 12

    It would be really helpful for those of us interested in security and OpenBSD’s contributions to read a blog series or a long list of diffs with short explanations on what OpenBSD changed and why (the security rationale behind the changes).

    I’m envisioning something like a simplified diff view with a comment explaining that the replaced code was not constant-time for a cryptographic function, for example. Simple stuff like that which will prompt the curious reader to explore further and learn about secure coding through real examples.

    1. 8

      While I agree that it would be interesting to read – what you are asking takes a lot of effort. Also, OpenBSD developers suffers from some form of illness where they don’t realise that what they are working on is interesting as hell, so you basically have to force them to write or talk about it.

      Reading the source-changes mailing and following undeadly.org and garbage.fm (and possiblye BSD Now) is as close we’re probably going to get for now.

      1. 2

        An alternative to source-changes is freshbsd.org which tracks commits and provides diffs even, for every BSD

      2. 1

        The OpenBSD homepage has some papers/presentations, but not all of them are security specific.