> Thanks for your replay Christoph. > > Please correct me if I'm wrong, but as I understand things, this only > works if one is following OpenBSD-current. I am running -release. > This is an in-use production server; I don't feel wise running > -current.
If you install for example OpenBSD 6.2 you have a -release version. On the errata page https://www.openbsd.org/errata62.html you find the available patches for the -release base system. If you apply this patches with syspatch(8) you have a -stable system. -current (also called snapshots is something different). >> You can add wxallowed to a already mounted filesystem using >> mount(8). > > In theory, I don't like this; I would rather keep preventing > everything > not mapped from /use/local from being able to have both writable and > executeable pages, even if it's only temporary. That was only meaned as information. I have enough RAM and use it to build things. There are many ways todo things. > ... > Some software builds and integrates from original sources more easilym > that is, the usual: > ./configure {reasonable options} -> make -> make install > procedure goes off withotu a hitch, or at least without too many > edits. IMHO sure, you can build all things you need manually. The point is, ports (from what you talked) have maintainers. If you use a ./configure switch, it means not, that the maintainer also will go this way for port updates or, provide a flavour for the port using this switch. Security things or broken things from a port should be fixed upstream - if not and, if you like to see updated ports, work on it. > > I understand that the ports system first builds and packages a port, > and then installs it. > > I could be doing something wrong, but it seems that some ports install > dependencies to the system (pkg_add-style) that are required to > *build* > the package from source, but that aren't required to *run* the package > (e.g. cmake). > > So, I definitely don't mind leaving the built packages in the ports > tree, but I *do* mind leaving them installed on the system. > See my pkg_add -a mention and, the answer from espie@
