If I understood your question correctly ...

> Running: OpenBSD6.2-release
>
> Goal: To run a secure and functional web server.
> (the server is currently up and running and used by
> the public at large)

If you apply the patches from the errata page using syspatch(8) (if
you are on i386 / amd64) then you have an up-to-date and secure -stable
installation.

> Previously: Only installing needed packages as binaries via pkg_add.
>
> Now: The thought is that the third-party packages being used
> by the server should be kept up to date.

If there are security-related patches or things that need to be fixed
so that the package works as it should, you can simply run pkg_add -iu

> databases/mariadb,-main        # 10.0.32v1 -> 10.0.33v1
> databases/mariadb,-server      # 10.0.32v1 -> 10.0.33v1
> ...

The question is, do you need the things which are provided by these
new versions? For security, see above.

> complain when running 'make update' (in this case mariadb). e.g.:
> Fatal: /usr/ports/pobj must be on a wxallowed filesystem\
>   (in lang/python/2.7)

You can add wxallowed to an already mounted filesystem using mount(8).

> Is it not worth it to update ports in this way; meaning, is it better
> to simply wait for OpenBSD6.3 and stick with binary packages only
> (as recommended on the openbsd.org site)?

That depends on your requirements. See above.

> Also, is there an easy/sane way to remove packages that were only
> required for building once the ports have been updated?

A port is a package. See make clean and so on for built ports and
pkg_delete -a for packages. IMHO, who says that something unneeded is
installed? It also has no effect on the system if build deps are
kept in the ports tree.

