Comment Re:KDE version (Score 5, Informative) 235
They audit every line of code they ship, including the external stuff they don't write.
I keep seeing this, but it is not entirely correct. According to their own FAQ they do not audit ports or packages to the same degree as the base system. One must assume that the "external stuff" has not been through an audit at all when installing a port/package.
http://www.openbsd.org/faq/faq15.html#Intro