commit - f87d91158fcf3d44b21b4f2d8489c6c8e4d65570
commit + 131d1da5c4e2edb4a4f8634787dc9d7747fb9392
blob - 3491e1fa288645bf880f5217a2cb7e87f3f1dcc3
blob + 69cfb6f6341485e4ec89dcf8fc330a79e825eeb6
--- goals.html
+++ goals.html
@@ -30,11 +30,13 @@ Remain on-disk compatible with bare Git repositories.
 <li>
 Follow OpenBSD's security practices and coding style.
 <ul>
-<li>
-Use privilege separation when parsing data from network or disk.
-<li>Use <a href="https://man.openbsd.org/pledge">pledge(2)</a> and
-<a href="https://man.openbsd.org/unveil">unveil(2)</a>.
 <li>Use a development process based on code review.
+<li>Run as much code as possible under
+<a href="https://man.openbsd.org/pledge">pledge(2)</a> and
+<a href="https://man.openbsd.org/unveil">unveil(2)</a>.
+<li>
+Use privilege-separated programs running under <tt>pledge("stdio")</tt>
+for parsing data from network or disk.
 </ul>
 <li>
 Consider workflow requirements of OpenBSD developers.