Year 2000 Compliance Statement

As part of our security audit, we've done significant work to audit the source tree for Y2K flaws. When found, these were fixed before the 2.3 release shipped. We feel that we were pretty thorough -- we even found problems in the dating of nroff-generated manpages. Releases were carefully handled to avoid introducing new flaws.

A few extremely minor flaws were fixed in the 2.4, 2.5, and 2.6 releases, but all of these were problems without impact. Most of these issues related to programs that still printed dates in 2 digit form -- though they would have correctly printed the year as 00 and not 100. Not a serious issue in our mind when considering that there are other programs in the system which are required (by existing standards) to print dates in such form.

The 2.5 i386 port has a BIOS-related Y2K patch which people should apply.

The 2.6 release has a few very minor Y2K patches which people may wish to apply.

We recommend that paranoid people update to our latest release (which should already be obvious considering our continual improvements to security).

A non-comprehensive list of the problems we solved can be gleaned from our Changelogs (available on each CD in CD2:/Changelogs/) or in our web-based abbreviated daily log.

At this time, we do not know of any Y2K flaws. If anyone becomes aware of a flaw which we missed, please inform our developers so that it can be fixed.

If you want a guarantee from us, please read the copyright on our source code files. If you came here expecting a guarantee, perhaps you should try extracting one from another source, like Microsoft. Either you are laughing now, or they will be laughing at you when you phone them. Hopefully you now recognize how ridiculous it is to ask a free software project for a guarantee when vendors making lots of money won't even do so for their own software.

OpenBSD www@openbsd.org
$OpenBSD: y2k.html,v 1.9 2000/01/03 19:59:01 deraadt Exp $