Date: Wed, 20 Sep 2023 13:17:31 +0200 From: Bernhard Froehlich <decke@FreeBSD.org> To: "Franco Fichtner" <franco@lastsummer.de> Cc: "ports" <ports@freebsd.org> Subject: Re: security/ca_root_nss: Remove duplicate PLIST entry Message-ID: <18ab24f3cb3.c5c013fe911770.6822211215277654124@FreeBSD.org> In-Reply-To: <3C85B95F-A41E-4859-9D27-61D414AFC833@lastsummer.de> References: <EAE8891D-0168-4879-BA59-067FAE37623F@lastsummer.de> <44a681dd-71cf-4946-bcdc-4928aeb02fd5@FreeBSD.org> <3C85B95F-A41E-4859-9D27-61D414AFC833@lastsummer.de>
next in thread | previous in thread | raw e-mail | index | archive | help
---- On Wed, 20 Sep 2023 10:18:32 +0200 Franco Fichtner wrote --- > > On 19. Sep 2023, at 1:42 PM, Renato Botelho garga@FreeBSD.org> wrote: > > > > On 19/09/23 05:58, Franco Fichtner wrote: > >> Hi, > >> Looking at this "blanket" change I'm not sure this is a good way to bring in without discussion > >> and especially without a revision change: > >> https://cgit.freebsd.org/ports/commit/security/ca_root_nss?id=574c939eccd322 > >> The relevant bug was reported here: > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262755 > >> And I'd suggest rolling back that recent change or making a better effort at explaining the > >> problem it solves. > > > > According to the commit log, those files are already handled by @sample entries on pkg-plist so nothing is gonna change on final package. > > -- > > Renato Botelho > > > So what's the process here? > > Contacted committer: no response > Contacted ports mailing list: no technical discussion > > Should I raise a bug ticket for the bug ticket with the patch > that I wrote? Should the ca_root_nss maintainer take a look > who wasn't involved in the change that I raised concerns about? > Do we not want to avoid further bug reports by doing review > which wasn't possible for this blanket change in pahbricator? > > I'm highly confused about the "open source" participation > that is required of non-committers. ;) > Before anyone is going to revert this I'd like to add that it seems to fix a bug with Custom Root CA for me. Up to now whenever I have a box with an additional Private Root CA in /usr/local/share/certs/ and run "certctl rehash" some tools like fetch work properly up to the point when ca_root_nss is installed. Removing ca_root_nss also made it work properly: pkg remove -f ca_root_nss After the change to ca_root_nss system tools like fetch work fine now even when ca_root_nss is installed. Did not have any time yet to fully understand why it behaves like that. -- Bernhard Froehlich https://www.bluelife.at/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18ab24f3cb3.c5c013fe911770.6822211215277654124>