On Tue, May 01, 2018 at 06:09:59PM +0300, IL Ka wrote: > > > > So you're now on a custom built python and are unable to use standard > > pkg_add upgrades to new versions. I'd say that on balance, this is more > > likely to *reduce* your security. > > > I built it from ports, so I can update it using standard port update > procedure. > Since packages are built from ports, the only difference between default > package > and my package is wxneeded header. > > However, using ports instead of pkg_add is painful. > > To the topic starter: > It seems that I am the only person on this list who uses this approach. > Everyone else (including openbsd veterans) argue against it, > that means I am probably wrong..
It's wrong to get rid of USE_WXNEEDED in Python while there are Python modules which rely on W|X. What you suggest (and I suggested this winter) is not a solution, it only causes more harm. I have a plan how to completely get rid of wxallowed mount option, but I am not yet skilled to fix W|X ports, especially the ones written in C++ (I've started learning C++ recently). Meanwhile you may do the thing I did this winter: use ports instead of pkg_add to get Python binary without W|X
