===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -c -r1.20 -r1.21
*** www/security.html 1998/02/20 21:44:08 1.20
--- www/security.html 1998/02/21 15:49:58 1.21
***************
*** 90,96 ****
--- 90,129 ----
Read-write mmap() flaw (patch included)
+
+
Watching our Security Changes
+ Since we take a proactive stance with security, we are continually
+ finding and fixing new security problems. Not all of these problems
+ get widely reported because (as stated earlier) many of them are not
+ confirmed to be exploitable. We do not have the time resources to
+ make these changes available in the above format.
+
+ Thus there are usually minor security fixes in the current source code
+ beyond the previous major OpenBSD release. We make a limited
+ gaurantee that these problems are of limited impact and unproven
+ exploitability. If we discover a problem definately matters for
+ security, patches will show up here quickly.
+
+ People who are really concerned with critical
+ security can do a number of things:
+
+
+ - If you understand security issues, watch our
+ source-changes mailing list and keep an
+ eye out for things which appear security changes. Since
+ exploitability is not proven for many of the fixes we make,
+ do not expect the relevant commit message to say "SECURITY FIX!".
+ If a problem is proven and serious, a patch will be available
+ here very shortly after.
+
- Track our current source code tree, and teach yourself how to do a
+ complete system build from time to time. Make the assumption
+ that the current source tree always has stronger security.
+
- Install a binary snapshots, which are
+ made available fairly often.
+
+
+
Other Resources
Other security advisories that have (in the past) affected OpenBSD can
be found at the Secure Networks archive.
***************
*** 104,110 ****
This site Copyright © 1996-1998 OpenBSD.
! $OpenBSD: security.html,v 1.20 1998/02/20 21:44:08 deraadt Exp $