On Sat, Dec 26, 2009 at 03:48:58PM -0500, David Shuman wrote: > Security is one of the stated objectives of OpenBSD yet the current > build process appears to be difficult to secure largely because the > build directories are numerous and mixed in with directories for > general machine operation. (also difficult to backup/restore if the > user desires to maintain multiple machine configurations using this > process.
Nope, you've got things wrong. Multiple machine configurations is the security problem there. The more knobs you have, the more tests you need to run to make sure you aren't introducing any stupidity. There is such a thing as making this process TOO configurable. Since you're a complete newbie, you haven't looked at the history of the project, but if you do, you'll notice there's a pattern towards making things ways more reproducible, and removing any useless variation from the base system. For instance, contrary to your average unix distribution, most everyone uses GENERIC (and there has been a lot of time sunk into config to try and make certain it works for everyone).
