===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- www/59.html	2016/03/06 08:43:00	1.58
+++ www/59.html	2016/03/06 10:50:10	1.59
@@ -149,12 +149,13 @@
 <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pledge">pledge(2)</a>
     support integrated:
     <ul>
-    <li>tame(2) system call renamed to pledge(2).
-    <li>Many behaviours/semantics extended and refined.
-    <li>453 out of 707 base system binaries adapted to use pledge.
-    <li>14 ports adapted to use pledge (some decompression tools, mutt,
-	some pdf tools, chromium/iridium, and the i3 window manager).
-    <li>Several bugs exposed by pledge(2) have been corrected, for example in
+    <li>The tame(2) system call was renamed to pledge(2).
+        Behavior and semantics were extended and refined.
+    <li>453 out of 707 base system binaries were adapted to use pledge.
+    <li>14 ports now use pledge(2): some decompression tools, mutt,
+        some pdf tools, chromium/iridium, and the i3 window manager.
+    <li>Various bugs exposed by pledge(2) were corrected.
+        For example in
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/bgpd.c?rev=1.181&amp;content-type=text/x-cvsweb-markup">
             bgpd(8)</a>,
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/config.c?rev=1.40&amp;content-type=text/x-cvsweb-markup">
@@ -165,34 +166,47 @@
             ntpd(8)</a>,
         and <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c?rev=1.200&amp;content-type=text/x-cvsweb-markup">
             syslogd(8)</a>.
-    <li>Several misguided "features" have been removed, such as
-        <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.50&amp;content-type=text/x-cvsweb-markup">
-            support for HOSTALIASES from the resolver</a>,
-        <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.49&amp;content-type=text/x-cvsweb-markup">
-            support for "lookup yp" in /etc/resolv.conf</a>,
-        <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
-            setuid-preserving code in binutils tools</a> or
-        <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/patch/ed.c?rev=1.1&amp;content-type=text/x-cvsweb-markup">
-            ed-style diffs via proc/exec in patch(1)</a>.
-    <li>A somewhat intensive audit of userland program so that they could be
-        properly annotated with pledge(2) was done, resulting in some design
-        changes such as in
+    <li>Several misfeatures were removed, such as:
+        <ul>
+            <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.50&amp;content-type=text/x-cvsweb-markup">
+                    support for HOSTALIASES</a>
+                in the 
+                <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=asr_run">
+                    resolver</a>.
+            <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.49&amp;content-type=text/x-cvsweb-markup">
+                    support for <tt>lookup yp</tt></a>
+                in
+                <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf">
+                    resolv.conf(5)</a>.
+            <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
+                    setuid-preserving code</a>
+                in tools from binutils.
+            <li>handling of
+                <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/patch/ed.c?rev=1.1&amp;content-type=text/x-cvsweb-markup">
+                    ed-style diffs</a> via proc/exec in
+                <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch">patch(1)</a>.
+        </ul>
+    <li>Userland programs were audited so that they could be properly annotated
+        with pledge(2).
+        This resulted in design changes such as in
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/rdate/rdate.c?rev=1.33&amp;content-type=text/x-cvsweb-markup">
             rdate(1)</a>,
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/sndiod/sndiod.c?rev=1.18&amp;content-type=text/x-cvsweb-markup">
             sndiod(8)</a>
-        or the introduction of <tt>SOCK_DNS</tt>
+        or the introduction of the <tt>SOCK_DNS</tt>
         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=socket">
             socket(2)</a>
         flag that makes an <tt>SS_DNS</tt> tagged socket conceptually different
         from a plain socket.
-    <li>It also has been used to constrain programs to a more limited POSIX
-        subset, such as some
+    <li>pledge(2) is also used to constrain programs that handle untrusted data
+        to a very limited subset of POSIX.
+        For example,
+        <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strings">strings(1)</a>
+        or
+        <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objdump">objdump(1)</a>
+        from the
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/objdump.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
             binutils</a>
-        tools that handle untrusted data
-        (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strings">strings(1)</a>,
-        <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objdump">objdump(1)</a>, ...),
         or the RSA-privsep process in
         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ca.c?rev=1.15&amp;content-type=text/x-cvsweb-markup">
             smtpd(1)</a>.