Until recently, all my servers were running Debian. I had been running it on servers for years without any serious issues. The one thing that always bothered me a bit was its outdated packages. Of course, security fixes for CVEs are usually backported, but only very selectively. It is also not always guaranteed that a backport actually fixes the entire vulnerability. I had been curious about OpenBSD for a long time, and eventually I decided to make the switch.

The two reasons that pushed me over were security and minimalism. I had already been using OpenBSD projects for quite some time. I have used doas as a sudo replacement on my workstations, and OpenNTPD as my NTP daemon, for almost as long. For comparison: doas is around 3,000 lines of code, while sudo sits at roughly 175,000. sudo ships with features that I am fairly sure almost no one actually uses and therefore has a lot of unnecessary complexity that has to be audited and trusted. (OpenSSH is, of course, also an OpenBSD project, but I do not really count it here, as everyone uses it regardless of their OS.)

What makes OpenBSD so interesting to me is its development philosophy. Instead of focusing on new features, OpenBSD regularly reviews, audits, and rewrites existing code. The fact that code audits are a normal part of the development process makes me trust the base system way more compared to other operating systems. I know that tools like httpd, relayd, pf, OpenSMTPD, and LibreSSL are part of one coherent system and maintained by people who care a lot about simplicity and security.

The minimalism is just as important. Configuration files are short, the man pages are excellent, and the defaults are very sane. Setting up OpenSMTPD was surprisingly simple after coming from Postfix, and pf feels similarly refreshing after having learned both iptables and nftables in the past.

My setup is also simple enough that OpenBSD fits very well. I do not need containers or a complicated stack. I mostly need a small, reliable, understandable system that I can trust.

Of course, the migration came with a steep learning curve. When I set up my first production Linux server, I had already been using Linux for quite some time, so most commands I had to run and config files I had to touch were nothing new. I had never used OpenBSD (or any other *BSD) on a workstation before, so learning its tools while migrating my servers felt a bit strange at first and took some time.

But that was also part of the appeal. OpenBSD forced me to understand the system instead of just copying over my existing Linux habits. Some things are different, but most of the time they are different in a way that feels deliberate.