recent changes to security/ca_root_nss

Reply: Franco Fichtner : "Re: recent changes to security/ca_root_nss"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Franco Fichtner <franco_at_lastsummer.de>
Date: Mon, 09 Oct 2023 08:39:03 UTC

Hi,

Since discussing this appears to be difficult I'm starting a
new and brief thread about the recent changes based on
the verifiable facts:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=574c939eccd322f546365bff8a68c7a5b7c3dc92

This commit changes the behaviour of the ETCSYMLINK
option without a revision bump or explanation. It forces
inconsistencies between the three files provided (two are
samples now, the other one is a direct link). Trying to contact
the author was unsuccessful. A few things were at least
discussed around the commit:

https://lists.freebsd.org/archives/freebsd-ports/2023-September/004451.html

Then we had another commit:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=483e74f44b82f20bddd5608beef74b2a5ab38a88

This was approved by the author of the first commit not
responding for comments, but introduces other regressions
like merging the trust stores unconditionally and removing
other provided files in a default option. It was up for review
at least. It also modifies the port as indicated in the previous
mail thread that had no response:

https://lists.freebsd.org/archives/freebsd-ports/2023-September/004459.html

I've unprofessionally voiced my concerns about lack of discussion
out of frustration about lack of response, planning and care here:

https://lists.freebsd.org/archives/freebsd-ports/2023-October/004612.html

I deserve my fair share of criticism, but it doesn't change the fact
that both commits are of poor quality and they actually were actively
being discussed and concerns ignored. I will not yield on this fact.

I see now that the latter one has been rolled back again:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=52e0c40367d3ebd09ab7169e025c37fbf70b8dee

Thanks for that.

Now my main concern is what's the plan? Do we want to live with
the inconsistency untroduced in 574c939ecc that was actually
reported and fixed in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262755
and introduced in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228550 ?

Why are we discarding prior work with documented use case and user
reports under the guise of cleanups? Why was there no planning and
proper review of the changes carried out? Why were the two committers
involved either not responding or criticising others harshly for
bringing it up while approving each others work anyway?

As a side note I'd appreciate if asking for apologies is not a recurring
trend when ignoring technical discussion and concerns from non-
committers. This goes for on-list and off-list messages. It's highly
inappropriate.

Thanks for reading this far,
Franco