From: Marian Hettwer [mailto:MH kernel32.de]
> OpenBSD is secure in many ways, but if the third party app has a
> security flaw and released a bugfix, I'd like to see an updated package
> / port too.
> Otherwise I would need to compile the bugfixed version from source,
> which doesn't make sense at all.
> So I need to be a ports committer or something, right?

Yes, it is true that in the face of a security or major other bug fix for an app that an update should be timely as well. Thing is, most of the time, absolutely critical updates are released for ports pretty quickly; obviously a lot of this depends on popularity of the port itself, but somewhat on the responsiveness of the port maintainer too. However, it needs to be clearly understood that a lag in versions on a third party app doesn't reflect on the OS project. 3rd party apps are largely maintained by third parties. And, the user base can just as easily contact the port maintainer to send in a patch for a version bump too.

I already know the next argument. "OpenBSD doesn't provide critical updates to packages as quickly as $." I've used enough popular distros myself to know that I _have_ had to sit around for days using a self-built source version while I wait for the distro vendor to produce an updated package. Resource constraints exist everywhere; no one is on top of everything, all of the time.

DS