On Tue, Dec 09, 2025 at 04:01:04PM +0000, [email protected] wrote:
> cared dearly about security

The sad fact is that a large proportion of open source projects (and indeed closed source projects) do not care about security, or reliability, or frankly any of the values that are core to OpenBSD.

Over the years, as somebody works on and develops using OpenBSD code and gets accustomed to all this, the more they'll likely find it lacking in other projects.

But everyone who so desires can do their part to change this. Write code the hard and slow way, taking care to check the details you're not sure about, approaching coding problems with a belt and braces attitude, and test in as many unusual environments and with as much unusual input as you can. Care about the quality of documentation and code comments.

Don't expect to receive recognition or praise for doing this from people who don't care about it themselves. But with enough effort it might lead to respect from like-minded people, which is probably more valuable and satisfying in the long term.

> any parts of the kernel that were open to remote exploit

I think you mean obviously and most directly open to remote exploit. Because unless there is a culture of prioritising code quality and auditing as you go along, taking any particular part of such a large codebase and declaring it as being impossible to exploit remotely is going to be a non-trivial task.

