Re: security/ca_root_nss: Remove duplicate PLIST entry

Reply: Franco Fichtner : "Re: security/ca_root_nss: Remove duplicate PLIST entry"
In reply to: Franco Fichtner : "Re: security/ca_root_nss: Remove duplicate PLIST entry"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Bernhard Froehlich <decke_at_FreeBSD.org>
Date: Wed, 20 Sep 2023 11:17:31 UTC

 ---- On Wed, 20 Sep 2023 10:18:32 +0200  Franco Fichtner  wrote --- 
 > > On 19. Sep 2023, at 1:42 PM, Renato Botelho garga@FreeBSD.org> wrote:
 > > 
 > > On 19/09/23 05:58, Franco Fichtner wrote:
 > >> Hi,
 > >> Looking at this "blanket" change I'm not sure this is a good way to bring in without discussion
 > >> and especially without a revision change:
 > >> https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=574c939eccd322
 > >> The relevant bug was reported here:
 > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262755
 > >> And I'd suggest rolling back that recent change or making a better effort at explaining the
 > >> problem it solves.
 > > 
 > > According to the commit log, those files are already handled by @sample entries on pkg-plist so nothing is gonna change on final package.
 > > -- 
 > > Renato Botelho
 > > 
 > So what's the process here?
 > 
 > Contacted committer: no response
 > Contacted ports mailing list: no technical discussion
 > 
 > Should I raise a bug ticket for the bug ticket with the patch
 > that I wrote?  Should the ca_root_nss maintainer take a look
 > who wasn't involved in the change that I raised concerns about?
 > Do we not want to avoid further bug reports by doing review
 > which wasn't possible for this blanket change in pahbricator?
 > 
 > I'm highly confused about the "open source" participation
 > that is required of non-committers.  ;)
 > 

Before anyone is going to revert this I'd like to add that it seems to fix a
bug with Custom Root CA for me.

Up to now whenever I have a box with an additional Private Root CA in
/usr/local/share/certs/ and run "certctl rehash" some tools like fetch
work properly up to the point when ca_root_nss is installed.

Removing ca_root_nss also made it work properly:
pkg remove -f ca_root_nss

After the change to ca_root_nss system tools like fetch work fine now
even when ca_root_nss is installed. Did not have any time yet to fully
understand why it behaves like that.

--
Bernhard Froehlich
https://www.bluelife.at/