[snazz]

Does this mean that I can’t startx on a machine that I rarely use X on? Is a display manager now required for running X?

From a security standpoint this makes sense, of course, but how are you supposed to deal with a half-desktop-half-server system?

[crest]

No. It just means that startx no longer requires root to start X. It removes setuid root from one more executable.

[zmyrgel]

I thought it means exactly that for X you need to run xenodm. But if you don't want to run it by default you can use "doas rcctl start -f xenodm" to start display manager when needed.

[snazz]

Even better. Then it’s a win-win.

[snazz]

I was incorrect: It appears that you do in fact need root to run startx now:

(quoting the faq page for upgrade65):

Xorg(1). The Xorg binary is no longer installed setuid, so startx(1) can no longer be used by non-root users. The xenodm(1) display manager has to be used instead.

[mises]

You can still do this, just through the command mentioned above. SUID binaries are a serious risk; good on the openbsd folks for trying to remove one.