| It seem that openBSD are auditing code for security hole. Why Debian does not audit at least the base install for such bug. I know there is a large number of package, so an audit of the whole system is impossible, but It seem reasonable to audit the base installation.
“We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills.”