| 1 |
On Thu, 11 Oct 2018 17:10:10 +0200 |
| 2 |
Thomas Deutschmann <whissi@g.o> wrote: |
| 3 |
|
| 4 |
> Let me quote https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8: |
| 5 |
> |
| 6 |
> > net-dns/dnssec-root: Blind stable on arm, critical bug 667774 |
| 7 |
> > |
| 8 |
> > Note that this is a major fail for a stable architecture. |
| 9 |
> > In addition, all arm devboxes are currently offline. |
| 10 |
> > |
| 11 |
> > Bug: https://bugs.gentoo.org/667774 |
| 12 |
> > Signed-off-by: Andreas K. Hüttel <dilfridge@g.o> |
| 13 |
> > Package-Manager: Portage-2.3.49, Repoman-2.3.11 |
| 14 |
> |
| 15 |
> ...and now let's all sit down and enjoy how stable ARM users lose access |
| 16 |
> to the Internet and have to figure out how to deactivate DNSSEC to get |
| 17 |
> back online. ;] |
| 18 |
> |
| 19 |
> Maybe it is time to destabilize ARM on Gentoo to stop the impression |
| 20 |
> that we really support ARM. |
| 21 |
|
| 22 |
[ CC: arm@ ] |
| 23 |
|
| 24 |
A few points to think about: |
| 25 |
|
| 26 |
1. I have read this as a direct statement that ARM is not maintained. |
| 27 |
I don't think it is a fair (or constructive) assessment of team's work |
| 28 |
on ARM front. |
| 29 |
|
| 30 |
2. The bug was created less than a week ago and was not communicated |
| 31 |
explicitly as urgent on #gentoo-arm. I see failure to handle the bug |
| 32 |
as a communication failure and not a team's death signal. |
| 33 |
|
| 34 |
Were there any attempts to reach out to the teams or just arm users? |
| 35 |
|
| 36 |
3. I do not believe arm boxes (or most of users' boxes) update @world weekly |
| 37 |
and restart unbound automatically. Deadline of a few days is not feasible |
| 38 |
to propagate to users quickly. There is frequently no order-of-days response |
| 39 |
from arch teams. It would be nice to have but it's not realistic (IMO). |
| 40 |
|
| 41 |
4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound |
| 42 |
|
| 43 |
Which is: not a system package, not a default package, not suggested by handbook |
| 44 |
package, can operate without DNSSEC enabled. |
| 45 |
|
| 46 |
While annoying it's not going to lock users out or corrupt their data. I don't |
| 47 |
think state of this package is characteristic of ARM support in Gentoo. |
| 48 |
|
| 49 |
5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES |
| 50 |
stablewithout involvement of arm@. |
| 51 |
|
| 52 |
6. If this package is so important it needs to be stable months before keys expire. |
| 53 |
Then users would have a chance to get the update during casual update. Or |
| 54 |
net-dns/unbound DNSSEC functionality should not be marked stable anywhere |
| 55 |
if package requires periodic manual intervention to just keep working. |
| 56 |
|
| 57 |
-- |
| 58 |
|
| 59 |
Sergei |
Archives