On Tuesday, February 21, Folkert van Heusden wrote:
> 
> If a program is packaged into OpenBSD, does that mean it also has been
> screened for security problems?

I'm sure this is covered in the FAQ somewhere, or on this list before.

> Furthermore I would like to announce version 3.8.6, that is the latest
> stable release. Quite a lot has changed since version 3.6.x. A complete
> changelog can be found here:
> http://www.vanheusden.com/multitail/changelog.html
> 
> Folkert van Heusden
> Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com

Wait a minute!?  You mean you don't screen your own software for security
problems?  Or are you asking a general question about software that is in
ports?

Either way.  Some of the ports people try.  Some harder, others less.  At
times you're looking at a port that is in the thousands (if not millions)
of lines of code.  You're not going to have 1 (or 2) maintainers be able
to screen for all security problems.  In general, if/when we happen to
find them, we patch them, and send them upstream.  However, I'd say that
using ports, while packaged/patched in what we consider the most secure
and reasonable defaults, comes with no guarantee that it is any more or
less secure than what you can get elsewhere on the 'net.

--Toby.