===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.35
retrieving revision 1.36
diff -c -r1.35 -r1.36
*** www/60.html	2016/07/27 13:51:01	1.35
--- www/60.html	2016/07/30 23:37:40	1.36
***************
*** 177,182 ****
--- 177,188 ----
  	<tt>PT_OPENBSD_WXNEEDED</tt> and it is located on a filesystem
  	mounted with the <tt>wxallowed</tt>
  	<a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
+ 	Because there are still too many ports which violate W^X, the
+ 	installer mounts the <tt>/usr/local</tt> filesystem with
+ 	<tt>wxallowed</tt>.  This allows the base system to be more
+ 	secure as long as <tt>/usr/local</tt> is a seperate filesystem.
+ 	If you use no W^X violating programs, consider manually
+ 	revoking that option.
      <li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a>
  	family of functions now apply XOR cookies to stack and return-address
  	values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.