Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-20 Thread Rich Freeman
On Sat, Oct 20, 2018 at 8:19 AM Andreas Sturmlechner  wrote:
>
> On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote:
> > ARM is not a Gentoo security supported arch.
> >
> > If the ARM maintainers feel that stable keywords make the lives of
> > their users better, and it isn't causing problems for anybody else,
> > I'm not sure why we should be interfering with this.
>
> That's interesting. If it's not security supported, does that mean we can
> simply clean up vulnerable versions and drop every arm revdep to ~arm?
>
> Or are we supposed to keep vulnerable versions around and drop every keyword
> except arm?
>

Setting aside the security supported flag that was already discussed,
there is also a council decision regarding this general topic [1].
The only issue is that I'm not certain if it was intended to apply to
ARM, or only to specific arches [2].

The last policy was:

"If a maintainer has an open STABLEREQ, or a KEYWORDREQ blocking a
pending STABLEREQ, for 90 days with archs CCed and otherwise ready
to be stabilized, the maintainer can remove older versions of
the package at their discretion. A package is considered ready to be
stabilized if it has been in the tree for 30 days, and has no known
major flaws on arches that upstream considers supported." [1]

IMO that was written generically enough that it could apply anywhere,
but that is up to the Council.  In theory it could even be safely
applied to x86/amd64, especially since maintainers can
self-stabilize/keyword on those arches typically.

[1] - https://projects.gentoo.org/council/meeting-logs/20131119-summary.txt
[2] - https://projects.gentoo.org/council/meeting-logs/20130917-summary.txt


-- 
Rich



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-20 Thread Mikle Kolyada



On 20.10.2018 15:26, Andreas Sturmlechner wrote:
> On Samstag, 20. Oktober 2018 14:22:04 CEST Mikle Kolyada wrote:
>> No, keywords status is irrelevant, it is for the security team meaning
>> that they can release a glsa w/o waiting for the stabilization of the
>> security unsupported arches
> In my experience glsa only happens after cleanup, and cleanup only happens 
> after every arch was done.
>
>
>
that's not mandatory, that is what security support means



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-20 Thread Andreas Sturmlechner
On Samstag, 20. Oktober 2018 14:22:04 CEST Mikle Kolyada wrote:
> No, keywords status is irrelevant, it is for the security team meaning
> that they can release a glsa w/o waiting for the stabilization of the
> security unsupported arches

In my experience glsa only happens after cleanup, and cleanup only happens 
after every arch was done.





Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-20 Thread Mikle Kolyada


On 20.10.2018 15:19, Andreas Sturmlechner wrote:
> On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote:
>> ARM is not a Gentoo security supported arch.
>>
>> If the ARM maintainers feel that stable keywords make the lives of
>> their users better, and it isn't causing problems for anybody else,
>> I'm not sure why we should be interfering with this.
> That's interesting. If it's not security supported, does that mean we can 
> simply clean up vulnerable versions and drop every arm revdep to ~arm?
>
> Or are we supposed to keep vulnerable versions around and drop every keyword 
> except arm?
>
> Either way means extra care for this arch.
>
>
>
>
No, keywords status is irrelevant, it is for the security team meaning
that they can release a glsa w/o waiting for the stabilization of the
security unsupported arches





Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-20 Thread Andreas Sturmlechner
On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote:
> ARM is not a Gentoo security supported arch.
> 
> If the ARM maintainers feel that stable keywords make the lives of
> their users better, and it isn't causing problems for anybody else,
> I'm not sure why we should be interfering with this.

That's interesting. If it's not security supported, does that mean we can 
simply clean up vulnerable versions and drop every arm revdep to ~arm?

Or are we supposed to keep vulnerable versions around and drop every keyword 
except arm?

Either way means extra care for this arch.






Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-12 Thread Rich Freeman
On Thu, Oct 11, 2018 at 1:14 PM Thomas Deutschmann  wrote:
>
> But that's not the point here. The point was to get some attention that
> again we have a lacking architecture (net-dns/dnssec-root is not the
> only package where ARM arch team is lacking behind) which affects anyone
> "trusting" somehow in STABLE keywords.

ARM is not a Gentoo security supported arch.

If the ARM maintainers feel that stable keywords make the lives of
their users better, and it isn't causing problems for anybody else,
I'm not sure why we should be interfering with this.

>
> If everyone is using ~ARCH and don't care about STABLE keywords, well,
> we could save a bunch of time, energy...
>

Is this costing YOU any time/energy?  If not, why do you care?

This thread seems to be devolving into another debate about the
purpose of stable, and I'm mainly seeing arguments that have come up
countless times already.

Most of these arguments tend to point out things that are perceived as
being wrong with stable as it currently exists.  Most of these
arguments are probably posted by people who don't even run stable, let
alone maintain it.

If somebody wants to actually "fix" stable IMO the best way to go
about that is to create a proposal for something new that people will
get behind.  Gentoo tends to move forward by creating new things, not
by arguing about what is broken with old things.

What solution is even being proposed?  Tell devs they're not allowed
to work on stable?  That doesn't mean that their next thoughts will be
"wow, since I'm not allowed to spend 10 hours per week working on
something I cared about, I guess I'll spend those 10 hours per week
working on something that somebody else cares about."  If it makes
Gentoo less useful to them personally, they're just as likely to just
drop other contributions they make on the side as they look for better
solutions.

IMO when stable teams create issues for maintainers by not being
responsive to bugs then this needs to be dealt with.  However, the
Council has already allowed maintainers to drop stable keywords when
this happens, and I imagine they'd be responsive to dealing with
issues that are more sustained.

-- 
Rich



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-12 Thread Jeroen Roovers
On Thu, 11 Oct 2018 19:14:00 +0200
Thomas Deutschmann  wrote:

> > 1) Someone blind-stabled something on arm and it broke (doesn't
> > build?) 2) The arm team failed to mark a package stable before a
> > hard deadline (DNSSEC key rotation)

"Blind-stabled"...

> But that's not the point here. The point was to get some attention
> that again we have a lacking architecture (net-dns/dnssec-root is not
> the only package where ARM arch team is lacking behind) which affects
> anyone "trusting" somehow in STABLE keywords.

The trustworthiness of stable keywords has been eroding for years.

It started when a...@gentoo.org found ways to automate "compile-testing"
on many architectures, taking work away from people who actually cared
about those architectures, reducing arch team efforts to trying to
catch up with ago's work. While it was a valiant effort to reduce
architecture teams' backlogs, I couldn't stress enough at the time how
taking decisions on behalf of all users of an architecture isn't
something you can automate, for instance putting effort into
stabilisations for (sets of) packages that may have ceased being useful
on respective platforms, so that users would switch to cherry-picking
their own stable targets instead of relying on stable keywords to still
be meaningful.

Where "compile-testing" failed as runtimes do not necessarily reflect
that what is being compiled does actually work, architecture teams had
to pick up those pieces of now incorrectly stable-keyworded packages
that got strewn around in automation's wake.

Even more recently a new trend arose where just about anybody who
maintains a package takes stabilisation decisions, usually citing some
"all arches" policy, and in this case "blind-stabled", on behalf of
architecture teams. This new direction is likely based on the same
backlog pressure[0], a sense of emergency because of security issues,
and the desire to clean up obsolete ebuilds.

Having mostly stepped away from concerted stabilisation efforts myself
for those reasons among others, I can only speak for myself in stating
that my trust in stable keywords is at its lowest ever ebb.


Kind regards,
 jer


[0] Wait, didn't we get rid of that? Ah no, the automation effort
reduced architecture team involvement to the point of being
non-existent.



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-12 Thread Sergei Trofimovich
On Fri, 12 Oct 2018 02:40:38 +0200
Thomas Deutschmann  wrote:

> On 2018-10-12 01:38, Sergei Trofimovich wrote:
> >> Maybe it is time to destabilize ARM on Gentoo to stop the impression
> >> that we really support ARM.  
> > 
> > [ CC: arm@ ]
> > 
> > A few points to think about:
> > 
> > 1. I have read this as a direct statement that ARM is not maintained.
> >    I don't think it is a fair (or constructive) assessment of team's work
> >    on ARM front.
> 
> See the ARM bug queue for stable requests. ARM is always last and behind
> since we dropped HPPA.

I agree it lags. I disagree it's not maintained (I disagree HPPA is not
maintained either but let's leave it for another day). Let's wait for arm@ 
input.

I'm CCing all members as listed in https://wiki.gentoo.org/wiki/Project:ARM 
directly:
  zerochaos@
  [skip alicef@ (kernel stabilization)]
  blueness@
  dilfridge@
  dlan@
  maekke@
  nerdboy@
  vapier@
  xmw@
  zlogene@

And asking a few the questions directly (zerochaos@ as a lead and the arm@ 
team):

a) If you are not planning to do any arm@ work in short term can you remove
   yourself from project's wiki page?

b) Can you update your status in arm project to mention if you are
   doing any stabilization work so people could contact you occasionally?

c) Is it in your opinion worth keeping arm@ stable? (Do you use stable, do you
   expect people to use stable, etc.)

Thanks!

> > 2. The bug was created less than a week ago and was not communicated
> >    explicitly as urgent on #gentoo-arm. I see failure to handle the bug
> >    as a communication failure and not a team's death signal.
> >
> >    Were there any attempts to reach out to the teams or just arm users?
> 
> Bug was assigned highest priority in bugzilla. But it looks like ARM arch
> team is ignoring set priority.

I personally don't filter emails by priority either. I guess I should now :)

> *I* didn't ask in #gentoo-arm but I pinged project several times in
> #gentoo-dev channel.

https://wiki.gentoo.org/wiki/Project:ARM explicitly lists #gentoo-arm.
In my experience there are quite a few active users of arm.

> Disclaimer: I am not the maintainer of unbound nor dnssec-root package. I took
> action last week after I noticed that there was a time bomb ticking and
> nobody cared. I fully agree that an updated dnssec-root package could have been
> made available one year ago giving everyone enough time...

Do we do anything about it? Post GLSA, news item, gentoo-users@, anything to get
users notified? Or just leave them uninformed?

> > 4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound
> >
> >    Which is: not a system package, not a default package, not suggested by handbook
> >    package, can operate without DNSSEC enabled.
> 
> Unbound is a popular resolver and many Gentoo users are operating ARM-based
> routers. I don't get your point. Of course you could disable DNSSEC and DNS
> will resume working. But is this really your point?
> 
> >    While annoying it's not going to lock users out or corrupt their data.
> 
> Right, it doesn't cause data corruption. But when your Gentoo-based router
> will stop working this can be a problem. Don't forget about remote systems.
> Again, people who know how to deal with problems like that aren't the
> problem. But why do we care about stable packages if we assume that everyone
> knows what to do when experiencing problems?

My point is that this bug is not critical. Broken software happens all the time.
I can understand why you think otherwise.

> > 5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES
> >    stable without involvement of arm@.
> 
> It wasn't about dnssec-root package. Of course this could have been stabilized
> under ALLARCHES policy. It wasn't because package has a new dependency
> (>=dev-perl/XML-XPath-1.420.0 + deps) which was lacking stable keywords, too. 
>  

Thank you! That was not clear from the bug.

> If ARM can keep up I am quiet. But please, be honest. We don't need another
> HPPA. Nobody will win something if we tell world "ARM is a first class citizen
> in Gentoo" when it isn't (anymore). But if people would know it is ~ARCH, we
> would not disappoint expectations.

I think arm@ is the best decider here.

-- 

  Sergei



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Matt Turner
On Thu, Oct 11, 2018 at 4:38 PM Sergei Trofimovich  wrote:
>
> On Thu, 11 Oct 2018 17:10:10 +0200
> Thomas Deutschmann  wrote:
>
> > Let me quote 
> > https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8:
> >
> > > net-dns/dnssec-root: Blind stable on arm, critical bug 667774
> > >
> > > Note that this is a major fail for a stable architecture.
> > > In addition, all arm devboxes are currently offline.
> > >
> > > Bug: https://bugs.gentoo.org/667774
> > > Signed-off-by: Andreas K. Hüttel 
> > > Package-Manager: Portage-2.3.49, Repoman-2.3.11
> >
> > ...and now let's all sit down and enjoy how stable ARM users lose access
> > to the Internet and have to figure out how to deactivate DNSSEC to get
> > back online. ;]
> >
> > Maybe it is time to destabilize ARM on Gentoo to stop the impression
> > that we really support ARM.
>
> [ CC: arm@ ]
>
> A few points to think about:
>
> 1. I have read this as a direct statement that ARM is not maintained.
>    I don't think it is a fair (or constructive) assessment of team's work
>    on ARM front.

It's maintained, but in my experience it's often the last architecture
to handle a bug. Often by a wide margin.

Take a look at the shapes of these graphs:
https://www.akhuettel.de/gentoo-bugs/arches.php

maekke and zlogene do a lot of arm stabilizations, but I'm sure it's
too much work for two people alone, especially if all the arm devboxes
are offline (WTF?).



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Thomas Deutschmann
On 2018-10-12 01:38, Sergei Trofimovich wrote:
>> Maybe it is time to destabilize ARM on Gentoo to stop the impression
>> that we really support ARM.
> 
> [ CC: arm@ ]
> 
> A few points to think about:
> 
> 1. I have read this as a direct statement that ARM is not maintained.
>    I don't think it is a fair (or constructive) assessment of team's work
>    on ARM front.

See the ARM bug queue for stable requests. ARM is always last and behind
since we dropped HPPA.


> 2. The bug was created less than a week ago and was not communicated
>    explicitly as urgent on #gentoo-arm. I see failure to handle the bug
>    as a communication failure and not a team's death signal.
>
>    Were there any attempts to reach out to the teams or just arm users?

Bug was assigned highest priority in bugzilla. But it looks like ARM arch
team is ignoring set priority.

*I* didn't ask in #gentoo-arm but I pinged project several times in
#gentoo-dev channel.


> 3. I do not believe arm boxes (or most of users' boxes) update @world weekly
>    and restart unbound automatically. Deadline of a few days is not feasible
>    to propagate to users quickly. There is frequently no order-of-days response
>    from arch teams. It would be nice to have but it's not realistic (IMO).
>
> [...]
>
> 6. If this package is so important it needs to be stable months before keys expire.
>    Then users would have a chance to get the update during casual update. Or
>    net-dns/unbound DNSSEC functionality should not be marked stable anywhere
>    if package requires periodic manual intervention to just keep working.

Disclaimer: I am not the maintainer of unbound nor dnssec-root package. I took
action last week after I noticed that there was a time bomb ticking and
nobody cared. I fully agree that an updated dnssec-root package could have been
made available one year ago giving everyone enough time...


> 4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound
>
>    Which is: not a system package, not a default package, not suggested by handbook
>    package, can operate without DNSSEC enabled.

Unbound is a popular resolver and many Gentoo users are operating ARM-based
routers. I don't get your point. Of course you could disable DNSSEC and DNS
will resume working. But is this really your point?


>    While annoying it's not going to lock users out or corrupt their data.

Right, it doesn't cause data corruption. But when your Gentoo-based router
will stop working this can be a problem. Don't forget about remote systems.
Again, people who know how to deal with problems like that aren't the
problem. But why do we care about stable packages if we assume that everyone
knows what to do when experiencing problems?


> 5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES
>    stable without involvement of arm@.

It wasn't about dnssec-root package. Of course this could have been stabilized
under ALLARCHES policy. It wasn't because package has a new dependency
(>=dev-perl/XML-XPath-1.420.0 + deps) which was lacking stable keywords, too.



If ARM can keep up I am quiet. But please, be honest. We don't need another
HPPA. Nobody will win something if we tell world "ARM is a first class citizen
in Gentoo" when it isn't (anymore). But if people would know it is ~ARCH, we
would not disappoint expectations.


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5





Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Sergei Trofimovich
On Thu, 11 Oct 2018 17:10:10 +0200
Thomas Deutschmann  wrote:

> Let me quote 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8:
> 
> > net-dns/dnssec-root: Blind stable on arm, critical bug 667774
> > 
> > Note that this is a major fail for a stable architecture.
> > In addition, all arm devboxes are currently offline.
> > 
> > Bug: https://bugs.gentoo.org/667774
> > Signed-off-by: Andreas K. Hüttel 
> > Package-Manager: Portage-2.3.49, Repoman-2.3.11
> 
> ...and now let's all sit down and enjoy how stable ARM users lose access
> to the Internet and have to figure out how to deactivate DNSSEC to get
> back online. ;]
> 
> Maybe it is time to destabilize ARM on Gentoo to stop the impression
> that we really support ARM.

[ CC: arm@ ]

A few points to think about:

1. I have read this as a direct statement that ARM is not maintained.
   I don't think it is a fair (or constructive) assessment of team's work
   on ARM front.

2. The bug was created less than a week ago and was not communicated
   explicitly as urgent on #gentoo-arm. I see failure to handle the bug
   as a communication failure and not a team's death signal.

   Were there any attempts to reach out to the teams or just arm users?

3. I do not believe arm boxes (or most of users' boxes) update @world weekly
   and restart unbound automatically. Deadline of a few days is not feasible
   to propagate to users quickly. There is frequently no order-of-days response
   from arch teams. It would be nice to have but it's not realistic (IMO).

4. net-dns/dnssec-root is used by a single(ish) package in tree: net-dns/unbound

   Which is: not a system package, not a default package, not suggested by handbook
   package, can operate without DNSSEC enabled.

   While annoying it's not going to lock users out or corrupt their data. I don't
   think state of this package is characteristic of ARM support in Gentoo.

5. net-dns/dnssec-root is a plain-text file package. It should have been ALLARCHES
   stable without involvement of arm@.

6. If this package is so important it needs to be stable months before keys expire.
   Then users would have a chance to get the update during casual update. Or
   net-dns/unbound DNSSEC functionality should not be marked stable anywhere
   if package requires periodic manual intervention to just keep working.

-- 

  Sergei



Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Marc Schiffbauer




On October 11, 2018 19:05:43 Thomas Deutschmann  wrote:

> On 2018-10-11 17:45, Corentin “Nado” Pazdera wrote:
> > What's a "blind stable"? I'm guessing stabilizing without testing? If
> > yes, why?
>
> Yes, stabilized without testing.
>
> Reason: No ARM arch team member with access to an ARM box was available
> for the last ~7 days.
>
> However, this update is critical for anyone using something like
> net-dns/unbound with DNSSEC validation enabled (which isn't enabled by
> default but you are encouraged to switch this on).

And for unbound the time was over 30 days ago. Note that the new key will
only be accepted by unbound if it has seen it for at least 30 days.

-Marc

> --
> Regards,
> Thomas Deutschmann / Gentoo Linux Developer
> C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5







Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Thomas Deutschmann
On 2018-10-11 17:48, Alec Warner wrote:
> This thread is missing a bunch of context...so I'll try to add it I guess.

All you need to know in this commit message, included linked bug report
for more details. :)


> I can't tell if the complaint is that:
> 
> 1) Someone blind-stabled something on arm and it broke (doesn't build?)
> 2) The arm team failed to mark a package stable before a hard deadline
> (DNSSEC key rotation)
> 
> I presume it's the latter? What's the impact? All DNS, or only DNSSEC
> validated entries?

It's the latter. It will affect anyone running an own DNS resolver like
net-dns/unbound on ARM with DNSSEC enabled (not default) using keys
provided by net-dns/dnssec-root package.

Of course anyone familiar with DNSSEC or unbound maybe knows how to
workaround:

  - Enable auto-anchor update; However it is too late to do that now,
it will take ~30 days until the new learned key will become trusted.
Same applies to any *new* setup within last 30 days.

  - Use unbound-anchor tool to force a manual immediate update.

  - Disable DNSSEC validation.

But that's not the point here. The point was to get some attention that
again we have a lacking architecture (net-dns/dnssec-root is not the
only package where ARM arch team is lacking behind) which affects anyone
"trusting" somehow in STABLE keywords.

If everyone is using ~ARCH and don't care about STABLE keywords, well,
we could save a bunch of time, energy...


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
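
The ~30 day wait in the workaround list above is the RFC 5011 add hold-down timer. The following added example (not part of the original thread and not unbound's own code) models it in simplified form to show which resolver setups can validate on rollover day. The key labels, the daily probe schedule and the use of the thread's date as rollover day are constructed assumptions.

```python
"""Simplified model of the RFC 5011 add hold-down timer (30 days).

Added example with constructed data; not unbound's implementation.
"""
from datetime import datetime, timedelta, timezone

ADD_HOLD_DOWN = timedelta(days=30)   # RFC 5011 add hold-down time
OLD, NEW = "old-ksk", "new-ksk"      # hypothetical labels for the two root keys
# Assumption: rollover day taken from the date of the thread.
ROLLOVER = datetime(2018, 10, 11, tzinfo=timezone.utc)


class AnchorStore:
    """Trust anchors of one resolver; only the AddPend -> Valid path is modelled."""

    def __init__(self, trusted, auto_update):
        self.valid = set(trusted)
        self.pending = {}            # key -> first time seen in a validated RRset
        self.auto_update = auto_update

    def validates(self, signer):
        """True if data signed by `signer` chains to a trusted anchor."""
        return signer in self.valid

    def probe(self, when, rrset_keys, signer):
        """Process one observation of the root DNSKEY RRset."""
        if not self.validates(signer):
            return False             # unvalidated data never changes the anchors
        if not self.auto_update:
            return True              # static anchor file: nothing is learned
        for key in list(self.pending):
            if key not in rrset_keys:
                del self.pending[key]    # key vanished: its timer is reset
        for key in rrset_keys:
            if key in self.valid:
                continue
            first_seen = self.pending.setdefault(key, when)
            if when - first_seen >= ADD_HOLD_DOWN:
                self.valid.add(key)
                del self.pending[key]
        return True


def state_on_rollover_day(trusted, auto_update, days_before):
    """Probe daily from `days_before` the rollover, while OLD still signs."""
    store = AnchorStore(trusted, auto_update)
    day = ROLLOVER - timedelta(days=days_before)
    while day < ROLLOVER:
        store.probe(day, {OLD, NEW}, signer=OLD)
        day += timedelta(days=1)
    return store


def scenarios():
    """Can each constructed setup validate answers signed by NEW at rollover?"""
    setups = {
        "auto-update enabled 90 days before": ({OLD}, True, 90),
        "auto-update enabled 6 days before": ({OLD}, True, 6),
        "static file with old key only": ({OLD}, False, 90),
        "static file from updated package": ({OLD, NEW}, False, 90),
    }
    return {name: state_on_rollover_day(*args).validates(NEW)
            for name, args in setups.items()}


def earliest_trust(store, key):
    """Earliest time a pending key can become valid, or None if not pending."""
    first_seen = store.pending.get(key)
    return None if first_seen is None else first_seen + ADD_HOLD_DOWN


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:38s} validates after rollover: {ok}")
    late = state_on_rollover_day({OLD}, True, 6)
    print("late setup could trust the new key from:", earliest_trust(late, NEW))
```

In this model a static anchor file only recovers when the package that ships it is updated, which is the case the stabilization request was about.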





Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Alec Warner
On Thu, Oct 11, 2018 at 1:05 PM Thomas Deutschmann 
wrote:

> On 2018-10-11 17:45, Corentin “Nado” Pazdera wrote:
> > What's a "blind stable"? I'm guessing stabilizing without testing? If
> > yes, why?
>
> Yes, stabilized without testing.
>
> Reason: No ARM arch team member with access to an ARM box was available
> for the last ~7 days.
>
> However, this update is critical for anyone using something like
> net-dns/unbound with DNSSEC validation enabled (which isn't enabled by
> default but you are encouraged to switch this on).
>

I think the narrative around this being a major issue is tougher when it's
not broken by default. This doesn't mean it's a great outcome, but I'm not
convinced it's sufficient to downgrade the arch. I'm also curious why you
are airing this here rather than talking to the arm team directly.

-A


>
>
> --
> Regards,
> Thomas Deutschmann / Gentoo Linux Developer
> C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
>
>


Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Thomas Deutschmann
On 2018-10-11 17:45, Corentin “Nado” Pazdera wrote:
> What's a "blind stable"? I'm guessing stabilizing without testing? If
> yes, why?

Yes, stabilized without testing.

Reason: No ARM arch team member with access to an ARM box was available
for the last ~7 days.

However, this update is critical for anyone using something like
net-dns/unbound with DNSSEC validation enabled (which isn't enabled by
default but you are encouraged to switch this on).


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5





Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Alec Warner
On Thu, Oct 11, 2018 at 11:10 AM Thomas Deutschmann 
wrote:

> Let me quote
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8
> :
>

This thread is missing a bunch of context...so I'll try to add it I guess.


>
> > net-dns/dnssec-root: Blind stable on arm, critical bug 667774
> >
> > Note that this is a major fail for a stable architecture.
> > In addition, all arm devboxes are currently offline.
> >
> > Bug: https://bugs.gentoo.org/667774
> > Signed-off-by: Andreas K. Hüttel 
> > Package-Manager: Portage-2.3.49, Repoman-2.3.11
>
> ...and now let's all sit down and enjoy how stable ARM users lose access
> to the Internet and have to figure out how to deactivate DNSSEC to get
> back online. ;]
>

I can't tell if the complaint is that:

1) Someone blind-stabled something on arm and it broke (doesn't build?)
2) The arm team failed to mark a package stable before a hard deadline
(DNSSEC key rotation)

I presume it's the latter? What's the impact? All DNS, or only DNSSEC
validated entries?


> Maybe it is time to destabilize ARM on Gentoo to stop the impression
> that we really support ARM.
>

I'm not really sure I buy this as an argument; but then again I think there
is a general expectation that Gentoo users using 'are paying attention'[0]
so stable arm users would have unmasked the ~arch version of the keys long
before today.

[0] Particularly people using DNSSEC...but maybe I'm just a curmudgeon.


>
>
> --
> Regards,
> Thomas Deutschmann / Gentoo Linux Developer
> C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
>
>


Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Corentin “Nado” Pazdera
October 11, 2018 5:10 PM, "Thomas Deutschmann"  wrote:

> Let me quote
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8:
> 
>> net-dns/dnssec-root: Blind stable on arm, critical bug 667774
>> 
>> Note that this is a major fail for a stable architecture.
>> In addition, all arm devboxes are currently offline.
>> 
>> Bug: https://bugs.gentoo.org/667774
>> Signed-off-by: Andreas K. Hüttel 
>> Package-Manager: Portage-2.3.49, Repoman-2.3.11
> 
> ...and now let's all sit down and enjoy how stable ARM users lose access
> to the Internet and have to figure out how to deactivate DNSSEC to get
> back online. ;]
> 
> Maybe it is time to destabilize ARM on Gentoo to stop the impression
> that we really support ARM.

What's a "blind stable"? I'm guessing stabilizing without testing? If yes, why?
I'm almost happy I don't use dnssec for once.

Corentin “Nado” Pazdera



[gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774

2018-10-11 Thread Thomas Deutschmann
Let me quote 
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f6bb91b7f134a121ef9fa1dd504b9ca52c5aa8:

> net-dns/dnssec-root: Blind stable on arm, critical bug 667774
> 
> Note that this is a major fail for a stable architecture.
> In addition, all arm devboxes are currently offline.
> 
> Bug: https://bugs.gentoo.org/667774
> Signed-off-by: Andreas K. Hüttel 
> Package-Manager: Portage-2.3.49, Repoman-2.3.11

...and now let's all sit down and enjoy how stable ARM users lose access
to the Internet and have to figure out how to deactivate DNSSEC to get
back online. ;]

Maybe it is time to destabilize ARM on Gentoo to stop the impression
that we really support ARM.


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5


