I used openBSD on my server since I got to know about it. It's pretty much like you say, it's no fun at all. There were a few things some while ago, wich weren't really about security, but some other stuff and that's the last time I remember I did anything to it. I actually quite like this. I don't have to do a single thing. I'm not lazy, but why bother? I think it has much to do with the auditting of the code. OpenBSD isn't really the kind of os that needs to have a new release with the new uber looking gui etc. Stuff can be done at the developers own pace (almost). Unlike redhat wich I started to see as a little distro factory with nice colours. It has almost become a race to get to the top 1 linux distro's. Besides that, bsd has their own portage system, with secure apps and the like. More and more peeople start to code "open-source", but they often have little experience (if you start programming, why not do it open source ?) and as little knowledge about security and stability. To say it real dirty, the open source world gets poluted with bugs. For example, many people write their own feedback script in php. Just an easy setup mail form, right from the book. They just plain forget to check what the user puts in the mailadress bar. Whoopah, another cross site scripting bug or sql injection. Same goes with everything else. OpenBSD default configuration is allow nothing. I just downloaded a linux distro wich should make the step to linux easy for windows users. Everything is enabled. all uneeded deamons you can think of, all to make it all look a bit more like windows. Linux looses itself bigtime by making itself look like windows.
err... out of beer...
cya
