I heard that OpenBSD has a proactive code review process, and they claim that only 2 remote exploits have been found in the system, probably as a result. So I'm wondering if this means that OpenBSD boxes have less need to sit there sucking down hundreds of megs of security patches? I'm really fed up with the endless security patch treadmill, it's not getting better, its getting worse.

So is anyone using OpenBSD? Do you seem to experience less patching than other OS? And is it suitable for general desktop use, or is it a nerds only edition?

Would it be a good thing to run a webserver on?

I lump BSD under 'nerds only'. It's rock stable and is really secure--but that comes at a price. The stability is there because the community is fanatical and they don't support all that Windows or Linux does. The security is there because the community is fanatical and there just isn't a big target; note you can still get pWned using the same software that you'd use in Linux (Firefox/Flash/etc.) but the core system is really good--good enough for Apple to base OSX on.

I've tried using it as a desktop (just to be elitist) but was not impressed with it in that aspect. If I had a SOHO I'd definitely consider it for the front line computer (server for web/files/etc).

That is two remove vulnerabilities in the default install, which is different to the default install in NetBSD or Ubuntu or Suse or Slackware or Fedora or Redhat or Vista or XP... it isn't a particularly meaningful statistic as you are not comparing apples to apples.

Most of the security updates you are downloading are for all the other software you are running (Gnome, KDE, Apache, OpenSSH) and you will get them for any maintained OS that makes use of them.

That is two remove vulnerabilities in the default install, which is different to the default install in NetBSD or Ubuntu or Suse or Slackware or Fedora or Redhat or Vista or XP... it isn't a particularly meaningful statistic as you are not comparing apples to apples.

Most of the security updates you are downloading are for all the other software you are running (Gnome, KDE, Apache, OpenSSH) and you will get them for any maintained OS that makes use of them.

I'll assume you're talking about my post and would like to point out that without those unsecure programmes a BSD box is fairly unusable for a desktop user; especially someone coming from Windows.

I gave props for the actual OS being secure, but was pointing out that for the install to be useful you loose a lot of that security....

I'm aware the applications on top of the OS are all separate security issues, but if you're running a webserver you want to be running as little as possible and having an OS with a massively superior track record in security is highly appealing.

Too bad its no good for desktop, but really its not that hard to keep a clean desktop even in Windows. It's the web facing stuff that has the living daylights beaten out of it.