In fact, the OpenBSD policy has always been what Greg articulates: "always update to the latest -stable kernel update". Theo has made this argument for years: Nobody has much time or patience for classifying bugs, and even if they did, it's actually quite tricky. Any classification will contain so many false positives and negatives that basing your security decisions on it would be foolish. Fix and patch bugs rather than philosophizing over their nature.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds