From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CEE35138334 for ; Thu, 11 Oct 2018 23:38:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5EFDAE08A2; Thu, 11 Oct 2018 23:38:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 118EAE07EC for ; Thu, 11 Oct 2018 23:38:07 +0000 (UTC) Received: from sf (trofi-1-pt.tunnel.tserv1.lon2.ipv6.he.net [IPv6:2001:470:1f1c:a0f::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: slyfox) by smtp.gentoo.org (Postfix) with ESMTPSA id 9315F335CCD; Thu, 11 Oct 2018 23:38:04 +0000 (UTC) Date: Fri, 12 Oct 2018 00:38:01 +0100 From: Sergei Trofimovich To: gentoo-dev@lists.gentoo.org Cc: arm@gentoo.org Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 Message-ID: <20181012003801.61bae709@sf> In-Reply-To: <673fa7bc-c3f6-9c76-5675-783754ce3e9a@gentoo.org> References: <673fa7bc-c3f6-9c76-5675-783754ce3e9a@gentoo.org> X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 48fe90cd-a5a3-4679-9354-9739f9c11c38 X-Archives-Hash: bbf3af9bb7f889b5d141bc4dbd8b5bf9 On Thu, 11 Oct 2018 17:10:10 +0200 Thomas Deutschmann wrote: > Let me quote https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3Df6f6b= b91b7f134a121ef9fa1dd504b9ca52c5aa8: >=20 > > net-dns/dnssec-root: Blind stable on arm, critical bug 667774 > >=20 > > Note that this is a major fail for a stable architecture. > > In addition, all arm devboxes are currently offline. > >=20 > > Bug: https://bugs.gentoo.org/667774 > > Signed-off-by: Andreas K. H=C3=BCttel > > Package-Manager: Portage-2.3.49, Repoman-2.3.11 >=20 > ...and now let's all sit down and enjoy how stable ARM users lose access > to the Internet and have to figure out how to deactivate DNSSEC to get > back online. ;] >=20 > Maybe it is time to destabilize ARM on Gentoo to stop the impression > that we really support ARM. [ CC: arm@ ] A few points to think about: 1. I have read this as a direct statement that ARM is not maintained. I don't think it is a fair (or constructive) assessment of team's work on ARM front. 2. The bug was created less than a week ago and was not communicated explicitly as urgent on #gentoo-arm. I see failure to handle the bug as a communication failure and not a team's death signal. Were there any attempts to reach out to the teams or just arm users? 3. I do not believe arm boxes (or most of users' boxes) update @world weekly and restart unbound automatically. Deadline of a few days is not feasible to propagate to users quickly. There is frequently no order-of-days resp= onse from arch teams. It would be nice to have but it's not realistic (IMO). 4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/un= bound Which is: not a system package, not a default package, not suggested by = handbook package, can operate without DNSSEC enabled. While annoying it's not going to lock users out or corrupt their data. I= don't think state of this package is characteristic of ARM support in Gentoo. 5. net-dns/dnssec-root is a plain-text file package. It should have been AL= LARCHES stablewithout involvement of arm@. 6. If this package is so important it needs to be stable months before keys= expire. Then users would have a chance to get the update during casual update. Or net-dns/unbound DNSSEC functionality should not be marked stable anywhere if package requires periodic manual intervention to just keep working. --=20 Sergei