> On 23 May 2022, at 9:59 pm, Steven Smith <steve.t.sm...@gmail.com> wrote:
>
>
>>
>> What has changed between the time that the buildbot built the package and
>> the time that the user installs it?
>
> The certs in curl-ca-bundle are updated regularly to clear out expired certs.
>
> Per the previous discussion, privoxy-pki-bundle uses these certs via a
> depends_lib, and unless a port revision is added by hand, the port inevitably
> will contain expired certs.
>
> The “solution” appears to be to bump the revision of privoxy-pki-bundle by
> hand whenever curl-ca-bundle is updated. I’m trying to identify a more
> automated and robust way of accomplishing that.
The simple solution then is to just put a comment into the curl-ca-bundle port
next to the version/revision asking whomever updates it to bump the revision of
privoxy-pki-bundle at the same time. This simple but generally effective
solution is used in a number of ports with similar situations and works well
most of the time. I see no need to do anything more complex here, particularly
not to automate things such that the same port file installs different things
at different times. That lack of reproducibility is definitely not wanted.
Chris
