===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- www/60.html	2016/07/27 13:51:01	1.35
+++ www/60.html	2016/07/30 23:37:40	1.36
@@ -177,6 +177,12 @@
 	<tt>PT_OPENBSD_WXNEEDED</tt> and it is located on a filesystem
 	mounted with the <tt>wxallowed</tt>
 	<a href="http://man.openbsd.org/mount.8">mount(8)</a> option.
+	Because there are still too many ports which violate W^X, the
+	installer mounts the <tt>/usr/local</tt> filesystem with
+	<tt>wxallowed</tt>.  This allows the base system to be more
+	secure as long as <tt>/usr/local</tt> is a seperate filesystem.
+	If you use no W^X violating programs, consider manually
+	revoking that option.
     <li>The <a href="http://man.openbsd.org/setjmp.3">setjmp(3)</a>
 	family of functions now apply XOR cookies to stack and return-address
 	values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.