On Tue, May 01, 2018 at 06:09:59PM +0300, IL Ka wrote:
> >
> > So you're now on a custom built python and are unable to use standard
> 
> pkg_add upgrades to new versions. I'd say that on balance, this is more
> > likely to *reduce* your security.
> 
> 
> I built it from ports, so I can update it using standard port update
> procedure.
> Since packages are built from ports, the only difference between default
> package
> and my package is wxneeded header.
> 
> However, using ports instead of pkg_add is painful.
> 
> To the topic starter:
> It seems that I am the only person on this list who uses this approach.
> Everyone else (including openbsd veterans) argue against it,
> that means I am probably wrong..

It's wrong to get rid of USE_WXNEEDED in Python while there are
Python modules which rely on W|X. What you suggest (and I suggested
this winter) is not a solution, it only causes more harm.

I have a plan how to completely get rid of wxallowed mount option,
but I am not yet skilled to fix W|X ports, especially the ones
written in C++ (I've started learning C++ recently).

Meanwhile you may do the thing I did this winter: use ports
instead of pkg_add to get Python binary without W|X

Reply via email to