Hi! i have a doubt lately because i noticed that the mailing list i am subscribed about debian security, has a lot of packages with security fixes for all debian branches, also if i made an "apt update && apt upgrade" in debian stable i can see those same packages updated, with the security fixes i previously get the email from the mailing list.
The thing is, that in the mailing lists i am subscribed for openbsd, (ports, ports-changed, etc) i don't see any security fix for the -stable nor for the -current branches (i know the stable branch only get security fixes via source code from cvs) but it didn't get the same security patches as debian have... for example this for firefox:
https://www.debian.org/security/2017/dsa-4035 and in the openbsd ports page
http://openports.se/www/firefox-esr it shows the same version, but i think is for -current branch only, if im running -stable, i need to get the update from source code cvs or via mtier, but also mtier didn't show any security fix for firefox
https://stable.mtier.org/updates?release=62 so im like confused and wanted to understand better, the difference in security patches for openbsd compared for example, with debian, it's because the project has less manpower to have the same security fixes in stable, maybe it's because the security fixes aren't needed in first place due to being not harmfull for a default openbsd install, or why are these differences?
Thank you so much!