===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- www/security.html 1998/02/20 21:44:08 1.20
+++ www/security.html 1998/02/21 15:49:58 1.21
@@ -90,7 +90,40 @@
Read-write mmap() flaw (patch included)
+
+
Watching our Security Changes
+Since we take a proactive stance with security, we are continually
+finding and fixing new security problems. Not all of these problems
+get widely reported because (as stated earlier) many of them are not
+confirmed to be exploitable. We do not have the time resources to
+make these changes available in the above format.
+
+Thus there are usually minor security fixes in the current source code
+beyond the previous major OpenBSD release. We make a limited
+gaurantee that these problems are of limited impact and unproven
+exploitability. If we discover a problem definately matters for
+security, patches will show up here quickly.
+
+People who are really concerned with critical
+security can do a number of things:
+
+
+- If you understand security issues, watch our
+ source-changes mailing list and keep an
+ eye out for things which appear security changes. Since
+ exploitability is not proven for many of the fixes we make,
+ do not expect the relevant commit message to say "SECURITY FIX!".
+ If a problem is proven and serious, a patch will be available
+ here very shortly after.
+
- Track our current source code tree, and teach yourself how to do a
+ complete system build from time to time. Make the assumption
+ that the current source tree always has stronger security.
+
- Install a binary snapshots, which are
+ made available fairly often.
+
+
+
Other Resources
Other security advisories that have (in the past) affected OpenBSD can
be found at the Secure Networks archive.
@@ -104,7 +137,7 @@
This site Copyright © 1996-1998 OpenBSD.
-$OpenBSD: security.html,v 1.20 1998/02/20 21:44:08 deraadt Exp $
+$OpenBSD: security.html,v 1.21 1998/02/21 15:49:58 deraadt Exp $