It’s a fairly recent turn of events. First it was difficult to compile on 2.4 because three left out closed source dependencies that their build scripts relied on.
With 2.6 they are basically diverging entirely. Albeit they are still trying to argue they are FOSS.
The issue I have is if I’m going with an edge security appliance that has code that can’t be easily audited by security pros better than me, I’ll go with Palo Alto or Cisco, who have entire branches and teams dedicated to security like Talos/Snort. They are less susceptible to security errors and have a customer base that straight affects national security. So even Alphabet agencies will report exploits and 0days to them.
With their WireGuard shenanigans it’s clear they are a small team and closing off the code base means I’m now relying on people that act this way to criticisms for security. I don’t really care about internet drama and it’s a reason I’ve stayed with pfSense to now. But pragmatically their choices mean I have to change. Which is okay too.
https://www.netgate.com/blog/painful-lessons-learned-in-secu...
https://old.reddit.com/r/networking/comments/m6zjie/wireguar...