php is required in order to use many of the more mature web applications such as forum software. i run apache chroot, use modsecurity, and use ipf to limit the www user. a tight systrace policy might help but not very much incremental gain. everyone says php is a security breach waiting to happen, so what else can i do if i want to use these large apps without rewriting them from scratch in another language?
also, i wish openbsd would release updated packages instead of just the patches. i would do it myself but who would trust a binary some random guy posts? openbsd maintainers have to step up and do this. why aren't you guys releasing package updates anyway? when you post a source patch on your errata page, take the few extra minutes to make an updated package and post that as well please! :) thanks