1 |
On Thu, 11 Oct 2018 17:10:10 +0200 |
2 |
Thomas Deutschmann <whissi@g.o> wrote: |
3 |
|
4 |
> Let me quote https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8: |
5 |
> |
6 |
> > net-dns/dnssec-root: Blind stable on arm, critical bug 667774 |
7 |
> > |
8 |
> > Note that this is a major fail for a stable architecture. |
9 |
> > In addition, all arm devboxes are currently offline. |
10 |
> > |
11 |
> > Bug: https://bugs.gentoo.org/667774 |
12 |
> > Signed-off-by: Andreas K. Hüttel <dilfridge@g.o> |
13 |
> > Package-Manager: Portage-2.3.49, Repoman-2.3.11 |
14 |
> |
15 |
> ...and now let's all sit down and enjoy how stable ARM users lose access |
16 |
> to the Internet and have to figure out how to deactivate DNSSEC to get |
17 |
> back online. ;] |
18 |
> |
19 |
> Maybe it is time to destabilize ARM on Gentoo to stop the impression |
20 |
> that we really support ARM. |
21 |
|
22 |
[ CC: arm@ ] |
23 |
|
24 |
A few points to think about: |
25 |
|
26 |
1. I have read this as a direct statement that ARM is not maintained. |
27 |
I don't think it is a fair (or constructive) assessment of team's work |
28 |
on ARM front. |
29 |
|
30 |
2. The bug was created less than a week ago and was not communicated |
31 |
explicitly as urgent on #gentoo-arm. I see failure to handle the bug |
32 |
as a communication failure and not a team's death signal. |
33 |
|
34 |
Were there any attempts to reach out to the teams or just arm users? |
35 |
|
36 |
3. I do not believe arm boxes (or most of users' boxes) update @world weekly |
37 |
and restart unbound automatically. Deadline of a few days is not feasible |
38 |
to propagate to users quickly. There is frequently no order-of-days response |
39 |
from arch teams. It would be nice to have but it's not realistic (IMO). |
40 |
|
41 |
4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound |
42 |
|
43 |
Which is: not a system package, not a default package, not suggested by handbook |
44 |
package, can operate without DNSSEC enabled. |
45 |
|
46 |
While annoying it's not going to lock users out or corrupt their data. I don't |
47 |
think state of this package is characteristic of ARM support in Gentoo. |
48 |
|
49 |
5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES |
50 |
stablewithout involvement of arm@. |
51 |
|
52 |
6. If this package is so important it needs to be stable months before keys expire. |
53 |
Then users would have a chance to get the update during casual update. Or |
54 |
net-dns/unbound DNSSEC functionality should not be marked stable anywhere |
55 |
if package requires periodic manual intervention to just keep working. |
56 |
|
57 |
-- |
58 |
|
59 |
Sergei |