On Thu, 11 Oct 2018 17:10:10 +0200 Thomas Deutschmann <whi...@gentoo.org> wrote:
> Let me quote > https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8: > > > net-dns/dnssec-root: Blind stable on arm, critical bug 667774 > > > > Note that this is a major fail for a stable architecture. > > In addition, all arm devboxes are currently offline. > > > > Bug: https://bugs.gentoo.org/667774 > > Signed-off-by: Andreas K. Hüttel <dilfri...@gentoo.org> > > Package-Manager: Portage-2.3.49, Repoman-2.3.11 > > ...and now let's all sit down and enjoy how stable ARM users lose access > to the Internet and have to figure out how to deactivate DNSSEC to get > back online. ;] > > Maybe it is time to destabilize ARM on Gentoo to stop the impression > that we really support ARM. [ CC: arm@ ] A few points to think about: 1. I have read this as a direct statement that ARM is not maintained. I don't think it is a fair (or constructive) assessment of team's work on ARM front. 2. The bug was created less than a week ago and was not communicated explicitly as urgent on #gentoo-arm. I see failure to handle the bug as a communication failure and not a team's death signal. Were there any attempts to reach out to the teams or just arm users? 3. I do not believe arm boxes (or most of users' boxes) update @world weekly and restart unbound automatically. Deadline of a few days is not feasible to propagate to users quickly. There is frequently no order-of-days response from arch teams. It would be nice to have but it's not realistic (IMO). 4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound Which is: not a system package, not a default package, not suggested by handbook package, can operate without DNSSEC enabled. While annoying it's not going to lock users out or corrupt their data. I don't think state of this package is characteristic of ARM support in Gentoo. 5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES stablewithout involvement of arm@. 6. If this package is so important it needs to be stable months before keys expire. Then users would have a chance to get the update during casual update. Or net-dns/unbound DNSSEC functionality should not be marked stable anywhere if package requires periodic manual intervention to just keep working. -- Sergei
