David,

Thanks for your message...

> As a practical matter, I would prefer to see that information
> featured prominently in the documentation, rather than strongly
> encouraging people to rely on packages
> (http://www.openbsd.org/faq/faq15.html#PkgVsPorts). I don't feel
> that it's responsible to discourage users from using ports when doing
> so, along with manual backporting, is the only supported way to
> maintain a patched system (where -current is not appropriate).

Many people aren't competent enough to backport their security patches.
People usually think that they have to have all the latest patches,
which is all well and good, but if they don't know how to run ports
(very likely) and they don't know enough about the ports system to
backport the security patches, they are very likely to make mistakes,
and then someone is going to have to support them. 

It's much easier for people in -STABLE to just run the stable packages.
That is still probably the best advice for most people. If they want to
run other stuff, they will probably be able to do it without needing an
FAQ entry, since all this information is already out there.

On the other hand, I don't think anyone would complain if there were
someone tracking the security updates and making sure that they got in
to -STABLE or at least that the patches were sent to po...@.

-- 
Aaron W. Hsu <arcf...@sacrideo.us> | <http://www.sacrideo.us>
"Government is the great fiction, through which everybody endeavors to
live at the expense of everybody else." -- Frederic Bastiat
+++++++++++++++ ((lambda (x) (x x)) (lambda (x) (x x))) ++++++++++++++
