From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5063C138334 for ; Fri, 12 Oct 2018 10:07:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1483EE09C6; Fri, 12 Oct 2018 10:07:45 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BE306E09BF for ; Fri, 12 Oct 2018 10:07:44 +0000 (UTC) Received: from wim.jer (jer.xs4all.nl [212.238.182.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jer) by smtp.gentoo.org (Postfix) with ESMTPSA id 2E28B335C67 for ; Fri, 12 Oct 2018 10:07:43 +0000 (UTC) Date: Fri, 12 Oct 2018 12:07:38 +0200 From: Jeroen Roovers To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 Message-ID: <20181012120738.47b2a05d@wim.jer> In-Reply-To: <95271f29-6c3c-1b9c-f12b-96c467b8bdec@gentoo.org> References: <673fa7bc-c3f6-9c76-5675-783754ce3e9a@gentoo.org> <95271f29-6c3c-1b9c-f12b-96c467b8bdec@gentoo.org> Organization: Gentoo Foundation X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 2ea1dbb9-38f4-4bae-b633-b78ab9d1c29e X-Archives-Hash: 27333eebd5049df2537b8dd07af182fc On Thu, 11 Oct 2018 19:14:00 +0200 Thomas Deutschmann wrote: > > 1) Someone blind-stabled something on arm and it broke (doesn't > > build?) 2) The arm team failed to mark a package stable before a > > hard deadline (DNSSEC key rotation) "Blind-stabled"... > But that's not the point here. The point was to get some attention > that again we have a lacking architecture (net-dns/dnssec-root is not > the only package where ARM arch team is lacking behind) which affects > anyone "trusting" somehow in STABLE keywords. The trustworthiness of stable keywords has been eroding for years. It started when ago@gentoo.org found ways to automate "compile-testing" on many architectures, taking work away from people who actually cared about those architectures, reducing arch team efforts to trying to catch up with ago's work. While it was a valiant effort to reduce architecture teams' backlogs, I couldn't stress enough at the time how taking decisions on behalf of all users of an architecture isn't something you can automate, for instance putting effort into stabilisations for (sets of) packages that may have ceased being useful on respective platforms, so that users would switch to cherry-picking their own stable targets instead of relying on stable keywords to still be meaningful. Where "compile-testing" failed as runtimes do not necessarily reflect that what is being compiled does actually work, architecture teams had to pick up those pieces of now incorrectly stable-keyworded packages that got strewn around in automation's wake. Even more recently a new trend arose where just about anybody who maintains a package takes stabilisation decisions, usually citing some "all arches" policy, and in this case "blind-stabled", on behalf of architecture teams. This new direction is likely based on the same backlog pressure[0], a sense of emergency because of security issues, and the desire to clean up obsolete ebuilds. Having mostly stepped away from concerted stabilisation efforts myself for those reasons among others, I can only speak for myself in stating that my trust in stable keywords is at its lowest ever ebb. Kind regards, jer [0] Wait, didn't we get rid of that? Ah no, the automation effort reduced architecture team involvement to the point of being non-existent.