About transparency, new ownership and fending off competitorsīased on the fact that some of the source code has been taken away I agree about the lack of transparency.įrom my perspective, it looks like pfSense people got frightened that the source code is getting forked by OPNsense and tried to make the fork more difficult by taking away some of the code. If the build tools for pfSense are not open-source then, in my opinion, the entire project is not fully open source either. Apparently, it's possible to apply to ESF to receive the source code for the tools, but that's a very bizarre way of holding power over the source code while claiming that it's open source. IMO this is the most legitimate reason for forking the project. Perhaps they are working on making this change, but if that's the case, this should be clearly stated as currently it's implied that OPNSense doesn't run the web server as root. I'm either missing something or there's some false advertising on OPNSense's part. OPNSense claims that they forked the project to not run the Web UI under the root user, but when I look at it myself, the lighttpd and PHP are running in OPNSense as root as well. In my opinion a proper sudo configuration would be preferable to running everything as root, but perhaps the complexity involved is much greater than the benefits of doing so. They claim that it's unavoidable since almost all actions require root privileges. PfSense runs the PHP-based web UI under a root user. About security issues related to UI being executed as root I examine this in detail in a section below. I agree that more regular releases are desirable from the security perspective. pfSense claims that OPNsense has more bugs, and therefore the quality of OPNSense is worse. I personally don't have an opinion about the code quality because I haven't worked on either project. PfSense developers call these reasons bogus. several license changes for no apparent reason.concern regarding transparency, new ownership of the pfSense brand, using the brand name to fence off the competition.
source code for the pfSense build tools is are no longer publicly available.security issues related to the web UI being run as root.OPNSense lists their reasons for forking pfSense here It's worth noting that when m0n0wall got discontinued in 2015, Manuel Kasper, the author or m0n0wall recommended its users to migrate to OPNSense rather than pfSense. OPNsense forked pfSense in 2015, right after m0n0wall got discontinued. PfSense forked m0n0wall in 2004 and released the first version in 2006. Before we jump into functionality, security, and usability, let's look at the relevant parts of the history of both systems.īoth systems have a common ancestor - m0n0wall.
0 kommentar(er)
