re: status debian/openbsd
OpenBSD appears to be more heavily audited though. Maybe it's just
appearance. You may have seen in the Debian Weekly News that I'm working
on a rough audit project and in such I would like to say that security
must include a heavy code audit.
i think 'appears' is a great word here.
from what i've seen over the years all of netbsd, freebsd and openbsd
have done 'code audits'. in fact, largely they've spread to all.. you
may notice that there are far fewer set-id programs in *bsd than ever
i know that i personally read pretty much all the netbsd libraries,
set-id programs, and network daemons, back in 1996 and while i found
and fixed a few holes, i missed a lot too. code audit doesn't mean
that the bug was found... especially after you've been reading 100 new
pieces of code ....