On 2017-11-09, Christoph R. Murauer <[email protected]> wrote: > If I understood your question correct ... > >> Running: OpenBSD6.2-release >> >> Goal: To run a secure and functional web server. >> (the server is currently up and running and used by >> the public at large) > > If you apply the patches from the errata page using syspatch(8) (if > you are on i386 / amd64) then you have a up to date and secure -stabe > installation. > >> Previously: Only installing needed packages as binaries via pkg_add. >> >> Now: The thought is that the third-party packages being used >> by the server should be kept up to date. > > If there are security related patches or things needed to be fixed, > that the package works as it should, you can simple run pkg_add -iu
You can do this *if* you have a source of updated packages, e.g. via mtier's openup, or packages that you've built yourself. >> databases/mariadb,-main # 10.0.32v1 -> 10.0.33v1 >> databases/mariadb,-server # 10.0.32v1 -> 10.0.33v1 >> ... > > The question is, do you need the things which are provided from this > new versions - for security see above. Those are security updates. -stable doesn't get "normal" version updates.
