On 2018-10-11 17:48, Alec Warner wrote:
> This thread is missing a bunch of context...so I'll try to add it I guess.

All you need to know in this commit message, included linked bug report
for more details. :)


> I can't tell if the complaint is that:
> 
> 1) Someone blind-stabled something on arm and it broke (doesn't build?)
> 2) The arm team failed to mark a package stable before a hard deadline
> (DNSSEC key rotation)
> 
> I presume its the latter? Whats the impact? All DNS, or only DNSSEC
> validated entries?

It's the latter. It will affect anyone running an own DNS resolver like
net-dns/unbound on ARM with DNSSEC enabled (not default) using keys
provided by net-dns/dnssec-root package.

Of course anyone familiar with DNSSEC or unbound maybe knows how to
workaround:

  - Enable auto-anchor update; However it is too late to do that know,
    it will take ~30 days until the new learned key will become trusted.
    Same applies to any *new* setup within last 30 days.

  - Use unbound-anchor tool to force a manual immediate update.

  - Disable DNSSEC validation.

But that's not the point here. The point was to get some attention that
again we have a lacking architecture (net-dns/dnssec-root is not the
only package where ARM arch team is lacking behind) which affects anyone
"trusting" somehow in STABLE keywords.

If everyone is using ~ARCH and don't care about STABLE keywords, well,
we could save a bunch of time, energy...


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5