> PS: Think about the Heartbleed bug in openssl for example. This is actually an excellent example. openssl has proven rather worthless due to general quality issues (worse than just this one heartbleed bug). What is suckless' response to this? Do we have enough manpower to maintain a webkit-shim, an archaic terminal emulator, a window manager AND an ssl library? cinap is trying to fix the latter problem on 9front, but it turns out the whole underlying specs are shit, too. so it hardly matters how high the quality of your code is. if you want a secure system you should pull the plug altogether.
suckless doesn't cover all layers.