Upgrades can be less manual these days if you follow the release (not current): syspatch will apply binary patches for the errata. If you are prepared to trust M:Tier, they provide a script called openup that will also patch packages for the current stable release.

But each to his/her own.