From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 632F6138334 for ; Thu, 11 Oct 2018 17:14:15 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 55550E091D; Thu, 11 Oct 2018 17:14:12 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DAB9CE091A for ; Thu, 11 Oct 2018 17:14:11 +0000 (UTC) Received: from [IPv6:2001:4dd3:894d:0:bcee:5e53:df58:eb81] (2001-4dd3-894d-0-bcee-5e53-df58-eb81.ipv6dyn.netcologne.de [IPv6:2001:4dd3:894d:0:bcee:5e53:df58:eb81]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: whissi) by smtp.gentoo.org (Postfix) with ESMTPSA id 84B55335CEF for ; Thu, 11 Oct 2018 17:14:08 +0000 (UTC) Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 To: gentoo-dev@lists.gentoo.org References: <673fa7bc-c3f6-9c76-5675-783754ce3e9a@gentoo.org> From: Thomas Deutschmann Openpgp: preference=signencrypt Autocrypt: addr=whissi@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBFc4iggBEACg/drq2pkXyE0mO7cqfaH5UX9D2A8uaBWHcgVPZdf+bVlc7gT1b/TJgFBO yCecB1j9ReWWAE55nwraFL7+5XofRnwVzC3PglN/M/F02fudCeEkFfDtH65DZ67LV0QqXOZ7 e2aqD1NxJM1ydcehIoxgESiv8ctMCcb5Jui2A7vddxEBouQqJKDVqXqANEiBrtd0x4+noRC3 07BN80SgUiwuSJp8Y9+LSdKWGxiDxFAQygDlLWu1QIOg2PUjrM1ZtKCii8IcbnhsEPZj0jcQ f/omIHaksyfMdx6lHfSUZzzLQm41nhWlgYUxzW4D8Nh+ka51FIIWRWwNJTXQNpU8s32AT+rr K2hyNY0F+hnCRc0gUJtAACPZYNYNMlTCIb5yLKo5qoRKcHkAI3vAPEsPO8nmpYaxhI+9PwWJ 9BMaOZ0PjN5P5p0ierOd3yjuu0CIx+yirAvZMZYLx3HylFmuIke5GfcfzTuZhgRL1yoaftCH B0zTc1Rmfgk5dLOPeApgH4E8k3K7OIagzpMXjPsyvdBdI2z/j8unZNvPT5uMCAA9yP7TxijH JeNa6MZyDebzfF+QTK1tOL5pWZolCFKOULHIWK9nX2B3/JJ4r7+5wUmob5UCjKCxjK9xunY5 8TzbpaV517MaLVk1kYuFRptqwRYRJ45l1+qcYwkhUcC+qg06PQARAQABzStUaG9tYXMgRGV1 dHNjaG1hbm4gPHRob21hc0BkZXV0c2NobWFubi5iaXo+wsGABBMBCgAqAhsAAh4BAheABQkH hiUCBQsJCAcDBRUKCQgLBRYDAgEABQJXOfYKAhkBAAoJEFhJfuUdXXSlwnQQAIDi4tsMwzw5 ZY3wSs+E6c37W6i2WGgHvN6MOCxR6qthV3fVL3Q4E4EV8DoGHLLA8rs/OYbJs1aSxF8Omlys +sFiVysrMz1NNL7MGbZ/Ov1CpQqRH+6LFzVVcf3dBGqsI3kXg9aUNw2zETIj0ZyCb+VKZ3yC 1DOVFlmGjaH3DtPCJrfEGfcaweFyn2Azljaot9Dg0ExzmAqwohESQNCfSBYhUC0Mc0HiRtzd 1pTIVSmFDTToztnofsLrkMpciNGaj6D7Mm1hZpI41K4IQ6ZKcJDtWduisYNzgafVWvxtGhpY oAVWmO353WafGpbeoP6IVbHQhIcS1JuN1Sn+lM4QtV0GgSgL5j3OtKmRKNiAcZpHX800TX2V 8yUZN3dj2PMU7fzdnVM0MXNwAvOdcckco5zVExn3OHfTxyrUIyEysj01EKCQdZerWjRLnQ7B QR4ff851B+Sl92tVMPBch8WYVZNTwDzsqzKROAe2UnOCTQoVY7OXh6gRblqGuzllMyQ2bZUP V5XLKDpmysb/y43QKSY5aeO8SOKOv+b8kWAXSKzzXnteErhKeAlDm1PKuAfkjq4swOe3nci4 r1r34Ss03Xgt3cJ6Ep3K87qjlLLDwRVyGEgyDiDItHdyEyLGA44pmWLAJzttHMSt3d9/FsTI 2jwwH9GRFg3oMS9PsEURYIU8zsFNBFc4ixMBEADHHlLOkftcSY+jWd9Vb3uHpPGIpztqU/jd 4mPZvrQGIlZYMO+uGtJuDQVdohQHugNvvnr9hfBYDGlhyAYlRIGkFLdZbsim+An+FGr5+f/P tHikILc0X+FbO8bAc0OjNfUlFaTXeKdEBTtdNiO+0WYWw8CtgTEpng+178q4UnTBae1QiBh5 3YmW0H4t8HQEN/NDuVXEREQXwOtJcP9fxDVdP/ynwHbGajx+qbWaQhcHo57XXIsojH5XoEr9 yvviQW6F2tzp/i88YQ1snTVI0G39TzQO2EJbSQpYUptI0PGSUlMbkm4i46XHFO0q15aQSfAg Eh5NWWzwVel7qDO1YmXb49nhg60MmceAhk+1VGxpuA3RNl6hebYzYdQplDo8EJp1MCt+Z4Lt /tzb+smTFRMyE80QzehOSyvIWCSoGmWY4Njc90AV/P/hSXYQqbuRb3sB3PlPGda7ZwPsoh2A WZU331jeBWwB9YnUJFXP4jGbnpXjHO3+RkRL2A39ZzFki751sPpC3jv0sxJhLBOkJlC+VI/7 t5ODzWElimA8Py1VmZfd2C9eBHYU4Eeay1EN7nl75Hsj2436dH9O45uIl838KNXWd4S+7/P5 NqWir9HjnhQwbaLZdJwJKjzDE9u4JvnAP0gmkqYIaNSAM9WfCA11LavNKJjaJNCc4Zkr2+w4 OQARAQABwsF8BBgBCgAmAhsMFiEExN1pX6cTjyQqoVY4WEl+5R1ddKUFAlrJMcoFCQWj8zcA CgkQWEl+5R1ddKW+Qw/+O/saVmYgBdWDc6Y2BzaOA3kRwixAGjMU2VMO5WifG2WkA1zd0kcY 1nR5XKosu/yLWX1WWde8Wh57BDD418JYMSnNyG976OXAeAgWuzmn+xtM8Tw2bHHCNVfCEqBl yS+lAdrXR3kIiJ/Ebr5EogsEZvVW9gowPoNIrzeXFYKqGGVc5Z4dQDgVRq7jgta6LJgOVYdP z6mrLTdjo4lIlC7U/w/dPBWUd0sn8XmtU5vbAfvgf9dfZtXGYnyI64EGr6I6oVyFj8QO/Ffo G/r+glBettColfcT7IiHUMb9i11Sd/FPsL/0EIHWG+a4JTg3QzAODMHF14BLpuqDElV5HlzX e9LafsH45PH/EvAxCNuOj6P1E4bPOHwD0Fhgia7YXi2OJVes9hWy8IrEgwUEDQQIFtECxdFa nkWlKiYyb9v+nqrjtugh6s6OicvAhnvhESky/QSr747tEnOAFTNYXXtz1BRvTu/tcyBK0m51 jW1Gwax+9ooGCnNEF2KknaW/NyLo4mFdvSOJOehcwOHn73G04GHSQSs6+f8Oy7GOriQCdwao aGduFUuKKOR05r5tstZHpuIW9mlL44LXzGQEEt6INpS0ha2XD28+ojXko2hPt7YgbTqOsFnT 34feWglZ58mWE7UyHEVXYeMIWqtQptgCf5fNc36jGay6gt0aLFlgy48= Organization: Gentoo Foundation, Inc Message-ID: <95271f29-6c3c-1b9c-f12b-96c467b8bdec@gentoo.org> Date: Thu, 11 Oct 2018 19:14:00 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Thunderbird/52.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eQdeum8otyW7NFirja8n21PKJUcky0GBC" X-Archives-Salt: 22d90d16-69e2-4f5e-b693-8a92dfff6766 X-Archives-Hash: bd70919f05f7421af949c939dfa324b0 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eQdeum8otyW7NFirja8n21PKJUcky0GBC Content-Type: multipart/mixed; boundary="XaWQL4t6wuaEwEUQPd6BVHn2yLxQi4Q0p"; protected-headers="v1" From: Thomas Deutschmann To: gentoo-dev@lists.gentoo.org Message-ID: <95271f29-6c3c-1b9c-f12b-96c467b8bdec@gentoo.org> Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 References: <673fa7bc-c3f6-9c76-5675-783754ce3e9a@gentoo.org> In-Reply-To: --XaWQL4t6wuaEwEUQPd6BVHn2yLxQi4Q0p Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2018-10-11 17:48, Alec Warner wrote: > This thread is missing a bunch of context...so I'll try to add it I gue= ss. All you need to know in this commit message, included linked bug report for more details. :) > I can't tell if the complaint is that: >=20 > 1) Someone blind-stabled something on arm and it broke (doesn't build?)= > 2) The arm team failed to mark a package stable before a hard deadline > (DNSSEC key rotation) >=20 > I presume its the latter? Whats the impact? All DNS, or only DNSSEC > validated entries? It's the latter. It will affect anyone running an own DNS resolver like net-dns/unbound on ARM with DNSSEC enabled (not default) using keys provided by net-dns/dnssec-root package. Of course anyone familiar with DNSSEC or unbound maybe knows how to workaround: - Enable auto-anchor update; However it is too late to do that know, it will take ~30 days until the new learned key will become trusted. Same applies to any *new* setup within last 30 days. - Use unbound-anchor tool to force a manual immediate update. - Disable DNSSEC validation. But that's not the point here. The point was to get some attention that again we have a lacking architecture (net-dns/dnssec-root is not the only package where ARM arch team is lacking behind) which affects anyone "trusting" somehow in STABLE keywords. If everyone is using ~ARCH and don't care about STABLE keywords, well, we could save a bunch of time, energy... --=20 Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 --XaWQL4t6wuaEwEUQPd6BVHn2yLxQi4Q0p-- --eQdeum8otyW7NFirja8n21PKJUcky0GBC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAlu/hNhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2 BVmJ7ggAoFPVgrnKemrMfjTcDWhtxABNzuB/mTmLA0dxZLYcxDQSs2d6RKADPlwQ xqqgMmwKSHJxAMXQpk6gB4J/0xDl6zB0lzYPq2+6NAfvwSnBkqhOOGU1AvgjVRSR 6CNdiGVfBzo0IjAXpBU4DRG7vL+pfV6NlVzBH45hphBH0Z2iaC7s4jyI95pq7ubA rUGzQDUzhOH1I19T/o7/m/LrU4Lw8+Y55VhKIA3ya92QEayvZCmZoBp0HMJG9gjj UR9LF89VSGKKVkDTS3TC7MSsJt50Gz8pQ1DDlU2EkwOc1fE47IcWfN3e9V16UnCP ayqOdDGfqyKmyClNr/dtzoPSNiRsJg== =XU/R -----END PGP SIGNATURE----- --eQdeum8otyW7NFirja8n21PKJUcky0GBC--