Re: git: 77f72c463b90 - 2024Q1 - x11-servers/xwayland-devel: backport recent secfixes

From: Emmanuel Vadot <manu_at_bidouilliste.com>
Date: Thu, 04 Apr 2024 19:17:52 UTC
On Thu, 04 Apr 2024 19:55:05 +0200
Jan Beich <jbeich@FreeBSD.org> wrote:

> Emmanuel Vadot <manu@bidouilliste.com> writes:
> 
> > On Thu, 04 Apr 2024 16:47:09 +0200
> > Jan Beich <jbeich@FreeBSD.org> wrote:
> >
> >> Baptiste Daroussin <bapt@freebsd.org> writes:
> >> 
> >> > On Thu 04 Apr 15:48, Jan Beich wrote:
> >> >
> >> >> Emmanuel Vadot <manu@bidouilliste.com> writes:
> >> >> 
> >> >> >> but also introduced a number of regressions that
> >> >> >> don't exist in my port, all of which were documented in my reviews.
> >> >> >
> >> >> >  What regressions ? I'm using xwayland for more than a year on my
> >> >> > desktop instead of -devel and haven't seen a problem.
> >> >> 
> >> >> Try diff xwayland{,-devel}/Makefile:
> >> >> - Missing XSECURITY (ssh -X vs. ssh -Y; xorg-server parity per bug 221984)
> >> >> - Missing XDMCP (xorg-server parity, maybe used with rootful Xwayland and GUI login managers)
> >> >> - Missing XTEST input emulation (XDG Portal API, required by GNOME, Plasma and maybe rootful Xwayland)
> >> >> - Missing CSD for rootful (mainly for GNOME, optional even if preferred elsewhere)
> >
> >  All those options could be added. The main reason that they are not is
> > that x11-server/xwayland isn't used by anyone but me as it requires
> > patching ports to use it. So obviously if they aren't needed for my
> > case no one will stand up and ask for them to be enabled.
> >  Another way to view this is that you enabled all those options without
> > consulting anyone, why would you you might ask, it's your port ? Well
> > yes but since this port is forced to be used by everyone enabling
> > option and dependencies should be a concensus between multiple users.
> >  For some, (like XSECURITY) you've explained in the commit message so
> > that's good at least. Other like CSD was enabled without anything in
> > the commit message except that this was an update, this is not good.
> 
> - XDMCP was enabled (auto-detection) in xwayland up until 5f87249229d3
> - xwayland-devel was created before 5f87249229d3 thus used xwayland and
>   xorg-server from back then as the reference for feature defaults
> - CSD and EI are enabled due upstream default (auto-detection) and
>   as part of "batteries included" policy for binary packages
> 
> >> >> - Broken on DragonFly due to forcing -Dsha1 (already default after I've fixed upstream bug years ago)
> >
> >  I don't care about Dragonfly, they are grown ups and can manage their
> > own ports.
> 
> Sure but the option is redundant on FreeBSD. libmd is already preferred
> and auto-detected over OpenSSL, nettle or gcrypt.
> 
> >  Lol, very bold of you to say this as all your ports forced on others
> > follow your views.
> 
> Sure but the proposal is no different. Under the guise of changing to a
> stable version of dependency you also want to change maintainership into
> one that benefits you. For example, all these x11@ updates you land
> haven't been submitted through Bugzilla for peer review.

 You're absolutely right about my x11@ updates.
 Truth is I've started to put everything on phab when I took over (not
willingly) x11@ and got tired that no one was reviewing patches.
 Now I'm alone on x11@ and no one seems to care to step up and help.
 Three or four years ago when I started to do x11@ stuff I've asked for
your help and at this time you refused. Now I'm asking you again, if
you want to join x11@ so we can combine our forces I would be more than
happy. I really believe that the force of FreeBSD is it's community and
doing things alone is never a good thing, I have plan to change that
and I would prefer that it will include you.

> >  I think that you should fork the ports tree to JanPorts, do your stuff
> > there and for the FreeBSD ports tree please start engaging discussion
> > with the community, you are not alone.
> 
> Bug 244016 is an example discussion. Looks civil? 

 Sure do, but what I get from this PR is that we switch kde to
xwayland-devel because of no good reason. The only "good" one was that
users couldn't install kde and sway in // because sway was bringing
-devel and kde wasn't. This is the worst reason to switch a port to a
-devel version dep.

> Now look at bug 276614.

 I am very familiar with this one, I was probably not civil on it,
not sure if I was the least civil person.

> Many years have passed but I see x11@ culture of brandishing authority
> hasn't disappeared.

 We need guidelines, this is the thing that FreeBSD needs the most and
have the least IMHO.

 Cheers,

-- 
Emmanuel Vadot <manu@bidouilliste.com> <manu@freebsd.org>