Re: softhsm: add portroach limit

2015-09-21 Thread Patrik Lundin
On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> Hello,
> 
> portroach currently thinks security/softhsm is outdated. The reason for
> this is that while the version in ports is 1.3.7, there is a development
> release using a 2.0.0 version number.
> 
> The diff below should limit the version check to the 1.x.x versions.
> 
> -- 
> Patrik Lundin
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/softhsm/Makefile,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 Makefile
> --- Makefile  23 Jun 2015 11:26:05 -  1.1.1.1
> +++ Makefile  27 Aug 2015 16:00:25 -
> @@ -1,5 +1,7 @@
>  # $OpenBSD: Makefile,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
>  
> +PORTROACH=   limit:^1\.
> +
>  SHARED_ONLY= Yes
>  
>  COMMENT= software PKCS\#11 cryptographic token
> 

My opinion is still that the original diff above is the correct one. While
I understand the reaction from other people on the list that it would be
troublesome to make portroach blind to "newer" releases, I am still
convinced that the 2.x branch is not relevant to this port at all.

This means we are currently doing the opposite of making portroach miss
new releases: we are making it harder for people to spot real
unmaintained code which could be considered just as bad.

If you don't trust my personal judgement on this, maybe looking at other
projects having a separate package for the 2.x branch can help sway your
opinion:

FreeBSD:
http://portsmon.freebsd.org/portoverview.py?category=security=softhsm2

Debian: https://packages.debian.org/sid/softhsm2

At the end of the day I hope my maintainer status would make you trust
my judgement. This port is my responsibility after all.

-- 
Patrik Lundin



Re: softhsm: add portroach limit

2015-09-21 Thread Stuart Henderson
On 2015/09/21 10:31, Antoine Jacoutot wrote:
> On Mon, Sep 21, 2015 at 10:19:23AM +0200, Patrik Lundin wrote:
> > On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> > > Hello,
> > > 
> > > portroach currently thinks security/softhsm is outdated. The reason for
> > > this is that while the version in ports is 1.3.7, there is a development
> > > release using a 2.0.0 version number.
> > > 
> > > The diff below should limit the version check to the 1.x.x versions.
> > > 
> > > -- 
> > > Patrik Lundin
> > > 
> > > Index: Makefile
> > > ===
> > > RCS file: /cvs/ports/security/softhsm/Makefile,v
> > > retrieving revision 1.1.1.1
> > > diff -u -p -u -r1.1.1.1 Makefile
> > > --- Makefile  23 Jun 2015 11:26:05 -  1.1.1.1
> > > +++ Makefile  27 Aug 2015 16:00:25 -
> > > @@ -1,5 +1,7 @@
> > >  # $OpenBSD: Makefile,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
> > >  
> > > +PORTROACH=   limit:^1\.
> > > +
> > >  SHARED_ONLY= Yes
> > >  
> > >  COMMENT= software PKCS\#11 cryptographic token
> > > 
> > 
> > My opinion is still that the original diff above is the correct one. While
> > I understand the reaction from other people on the list that it would be
> > troublesome to make portroach blind to "newer" releases, I am still
> > convinced that the 2.x branch is not relevant to this port at all.
> > 
> > This means we are currently doing the opposite of making portroach miss
> > new releases: we are making it harder for people to spot real
> > unmaintained code which could be considered just as bad.
> > 
> > If you don't trust my personal judgement on this, maybe looking at other
> > projects having a separate package for the 2.x branch can help sway your
> > opinion:
> > 
> > FreeBSD:
> > http://portsmon.freebsd.org/portoverview.py?category=security=softhsm2
> > 
> > Debian: https://packages.debian.org/sid/softhsm2
> > 
> > At the end of the day I hope my maintainer status would make you trust
> > my judgement. This port is my responsibility after all.
> 
> It's not that we don't trust you.
> But I think it's the first time I see that softhsm2 would be a totally 
> different port (i.e. security/softhsm2).
> If that's the case, then yes of course your diff is fine.

I am not entirely convinced that softhsm2 should be a different port
rather than just something we cut across to at a suitable point (let's see
how things go when it has matured; our approach to providing early versions
of a major release doesn't necessarily equate to FreeBSD/Debian's), but
I do agree with adding the limit for now so I've committed this.



Re: softhsm: add portroach limit

2015-09-21 Thread Patrik Lundin
On Mon, Sep 21, 2015 at 10:39:10AM +0100, Stuart Henderson wrote:
> On 2015/09/21 10:31, Antoine Jacoutot wrote:
> > 
> > It's not that we don't trust you.
> > But I think it's the first time I see that softhsm2 would be a totally 
> > different port (i.e. security/softhsm2).
> > If that's the case, then yes of course your diff is fine.
> 
> I am not entirely convinced that softhsm2 should be a different port
> rather than just something we cut across to at a suitable point (let's see
> how things go when it has matured; our approach to providing early versions
> of a major release doesn't necessarily equate to FreeBSD/Debian's), but
> I do agree with adding the limit for now so I've committed this.
> 

Thank you, I wanted to have this sorted out so I could start looking at
a patch for a security issue that is fixed in the NetBSD port:
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/security/softhsm/patches/patch-src_bin_softhsm-keyconv.cpp?annotate=1.1

I'll handle that in a separate thread once I have reproduced and fixed
the problem.

-- 
Patrik Lundin



Re: softhsm: add portroach limit

2015-09-21 Thread Antoine Jacoutot
On Mon, Sep 21, 2015 at 10:19:23AM +0200, Patrik Lundin wrote:
> On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> > Hello,
> > 
> > portroach currently thinks security/softhsm is outdated. The reason for
> > this is that while the version in ports is 1.3.7, there is a development
> > release using a 2.0.0 version number.
> > 
> > The diff below should limit the version check to the 1.x.x versions.
> > 
> > -- 
> > Patrik Lundin
> > 
> > Index: Makefile
> > ===
> > RCS file: /cvs/ports/security/softhsm/Makefile,v
> > retrieving revision 1.1.1.1
> > diff -u -p -u -r1.1.1.1 Makefile
> > --- Makefile23 Jun 2015 11:26:05 -  1.1.1.1
> > +++ Makefile27 Aug 2015 16:00:25 -
> > @@ -1,5 +1,7 @@
> >  # $OpenBSD: Makefile,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
> >  
> > +PORTROACH= limit:^1\.
> > +
> >  SHARED_ONLY=   Yes
> >  
> >  COMMENT=   software PKCS\#11 cryptographic token
> > 
> 
> My opinion is still that the original diff above is the correct one. While
> I understand the reaction from other people on the list that it would be
> troublesome to make portroach blind to "newer" releases, I am still
> convinced that the 2.x branch is not relevant to this port at all.
> 
> This means we are currently doing the opposite of making portroach miss
> new releases: we are making it harder for people to spot real
> unmaintained code which could be considered just as bad.
> 
> If you don't trust my personal judgement on this, maybe looking at other
> projects having a separate package for the 2.x branch can help sway your
> opinion:
> 
> FreeBSD:
> http://portsmon.freebsd.org/portoverview.py?category=security=softhsm2
> 
> Debian: https://packages.debian.org/sid/softhsm2
> 
> At the end of the day I hope my maintainer status would make you trust
> my judgement. This port is my responsibility after all.

It's not that we don't trust you.
But I think it's the first time I see that softhsm2 would be a totally 
different port (i.e. security/softhsm2).
If that's the case, then yes of course your diff is fine.

-- 
Antoine



Re: softhsm: add portroach limit

2015-08-27 Thread Patrik Lundin
On Thu, Aug 27, 2015 at 05:35:54PM +0100, Stuart Henderson wrote:
> On 2015/08/27 18:17, Antoine Jacoutot wrote:
> > On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> > > Hello,
> > > 
> > > portroach currently thinks security/softhsm is outdated. The reason for
> > > this is that while the version in ports is 1.3.7, there is a development
> > > release using a 2.0.0 version number.
> > > 
> > > The diff below should limit the version check to the 1.x.x versions.
> > 
> > Well the problem here is that once upstream releases a 2.X version as stable,
> > then portroach will never know.
> > I'd rather have a false positive in this case, rather than missing updates.
> 
> I agree - I imagine that you could skipv:2.0.0 for now though.
> 

I am pretty sure the 2.0.0 version would be a different port
(security/softhsm2). Looking at the example
at https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v2.0
it can be seen that a different command line utility is used
(specifically mentioning 2 in the name):
===
softhsm2-util --init-token --slot 0 --label "My token 1"
===

-- 
Patrik Lundin



softhsm: add portroach limit

2015-08-27 Thread Patrik Lundin
Hello,

portroach currently thinks security/softhsm is outdated. The reason for
this is that while the version in ports is 1.3.7, there is a development
release using a 2.0.0 version number.

The diff below should limit the version check to the 1.x.x versions.

-- 
Patrik Lundin

Index: Makefile
===
RCS file: /cvs/ports/security/softhsm/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -u -r1.1.1.1 Makefile
--- Makefile23 Jun 2015 11:26:05 -  1.1.1.1
+++ Makefile27 Aug 2015 16:00:25 -
@@ -1,5 +1,7 @@
 # $OpenBSD: Makefile,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
 
+PORTROACH= limit:^1\.
+
 SHARED_ONLY=   Yes
 
 COMMENT=   software PKCS\#11 cryptographic token
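
Review bot: the added `PORTROACH= limit:^1\.` line carries no comment saying why the check is restricted to 1.x, so a later reader of the Makefile cannot tell that 2.x releases are being hidden on purpose. The regex excludes every 2.x version, not only the 2.0.0 development release, so it is worth a one-line comment above it stating that 2.x is treated as a separate branch and that the limit needs revisiting if this port ever moves to 2.x.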



Re: softhsm: add portroach limit

2015-08-27 Thread Antoine Jacoutot
On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> Hello,
> 
> portroach currently thinks security/softhsm is outdated. The reason for
> this is that while the version in ports is 1.3.7, there is a development
> release using a 2.0.0 version number.
> 
> The diff below should limit the version check to the 1.x.x versions.

Well the problem here is that once upstream releases a 2.X version as stable,
then portroach will never know.
I'd rather have a false positive in this case, rather than missing updates.

> -- 
> Patrik Lundin
> 
 Index: Makefile
 ===
 RCS file: /cvs/ports/security/softhsm/Makefile,v
 retrieving revision 1.1.1.1
 diff -u -p -u -r1.1.1.1 Makefile
 --- Makefile  23 Jun 2015 11:26:05 -  1.1.1.1
 +++ Makefile  27 Aug 2015 16:00:25 -
 @@ -1,5 +1,7 @@
  # $OpenBSD: Makefile,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
  
 +PORTROACH=   limit:^1\.
 +
  SHARED_ONLY= Yes
  
  COMMENT= software PKCS\#11 cryptographic token
 

-- 
Antoine



Re: softhsm: add portroach limit

2015-08-27 Thread Stuart Henderson
On 2015/08/27 18:17, Antoine Jacoutot wrote:
> On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> > Hello,
> > 
> > portroach currently thinks security/softhsm is outdated. The reason for
> > this is that while the version in ports is 1.3.7, there is a development
> > release using a 2.0.0 version number.
> > 
> > The diff below should limit the version check to the 1.x.x versions.
> 
> Well the problem here is that once upstream releases a 2.X version as stable,
> then portroach will never know.
> I'd rather have a false positive in this case, rather than missing updates.

I agree - I imagine that you could skipv:2.0.0 for now though.
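
The trade-off argued in this thread (a `limit:^1\.` regex versus skipping only 2.0.0 with `skipv`) can be seen in a small model. This is an added example, not portroach's code or anything posted to the list: it is a simplified model of the two filters, and the upstream listings other than 1.3.7 and 2.0.0 are constructed, hypothetical versions.

```python
import re

def parse(version):
    """Turn '1.3.7' into (1, 3, 7) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def newest_candidate(upstream, limit=None, skipv=()):
    """Newest upstream version left after filtering, or None.

    limit: regex a version must match to be considered (models limit:REGEX)
    skipv: exact version strings to ignore (models skipv:VERSION)
    """
    pattern = re.compile(limit) if limit else None
    kept = [v for v in upstream
            if v not in skipv and (pattern is None or pattern.search(v))]
    return max(kept, key=parse) if kept else None

def is_flagged(ported, upstream, **filters):
    """True when the checker would report the port as outdated."""
    newest = newest_candidate(upstream, **filters)
    return newest is not None and parse(newest) > parse(ported)

PORTED = "1.3.7"  # version in ports, from the thread
# Constructed upstream listings; 1.3.6, 1.3.8 and 2.0.1 are hypothetical.
SCENARIOS = {
    "today (2.0.0 development release)": ["1.3.6", "1.3.7", "2.0.0"],
    "new 1.x release": ["1.3.6", "1.3.7", "1.3.8", "2.0.0"],
    "later 2.x release": ["1.3.6", "1.3.7", "2.0.0", "2.0.1"],
}
POLICIES = {
    "no filter": {},
    "limit:^1\\.": {"limit": r"^1\."},
    "skipv:2.0.0": {"skipv": ("2.0.0",)},
}

def compare():
    """Map scenario -> policy -> whether the port is flagged outdated."""
    return {name: {pol: is_flagged(PORTED, listing, **kw)
                   for pol, kw in POLICIES.items()}
            for name, listing in SCENARIOS.items()}

if __name__ == "__main__":
    for scenario, row in compare().items():
        print(scenario, row)
```

Both filters silence today's false positive and still report a new 1.x release; only the `limit` policy stays silent when a later 2.x version appears, which is acceptable only if 2.x really is a separate port.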