From: Franco Fichtner
To: FreeBSD Ports
Subject: recent changes to security/ca_root_nss
Date: Mon, 9 Oct 2023 10:39:03 +0200
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

Hi,

Since discussing this appears to be difficult I'm starting a new and
brief thread about the recent changes based on the verifiable facts:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=574c939eccd322f546365bff8a68c7a5b7c3dc92

This commit changes the behaviour of the ETCSYMLINK option without a
revision bump or explanation. It forces inconsistencies between the
three files provided (two are samples now, the other one is a direct
link). Trying to contact the author was unsuccessful. A few things
were at least discussed around the commit:

https://lists.freebsd.org/archives/freebsd-ports/2023-September/004451.html

Then we had another commit:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=483e74f44b82f20bddd5608beef74b2a5ab38a88

This was approved by the author of the first commit not responding
for comments, but introduces other regressions like merging the trust
stores unconditionally and removing other provided files in a default
option. It was up for review at least.
It also modifies the port as indicated in the previous mail thread
that had no response:

https://lists.freebsd.org/archives/freebsd-ports/2023-September/004459.html

I've unprofessionally voiced my concerns about lack of discussion out
of frustration about lack of response, planning and care here:

https://lists.freebsd.org/archives/freebsd-ports/2023-October/004612.html

I deserve my fair share of criticism, but it doesn't change the fact
that both commits are of poor quality and they actually were actively
being discussed and concerns ignored. I will not yield on this fact.

I see now that the latter one has been rolled back again:

https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=52e0c40367d3ebd09ab7169e025c37fbf70b8dee

Thanks for that.

Now my main concern is what's the plan? Do we want to live with the
inconsistency introduced in 574c939ecc that was actually reported and
fixed in

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262755

and introduced in

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228550
?

Why are we discarding prior work with documented use case and user
reports under the guise of cleanups? Why was there no planning and
proper review of the changes carried out? Why were the two committers
involved either not responding or criticising others harshly for
bringing it up while approving each other's work anyway?

As a side note I'd appreciate if asking for apologies is not a
recurring trend when ignoring technical discussion and concerns from
non-committers. This goes for on-list and off-list messages. It's
highly inappropriate.

Thanks for reading this far,
Franco