New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dev-libs/openssl[bindist] update per EC patents expiring #18894
Conversation
Pull Request assignmentSubmitter: @mgorny dev-libs/openssl: @gentoo/base-system Linked bugsBugs linked: 762850 In order to force reassignment and/or bug reference scan, please append Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide |
Pull request CI reportReport generated at: 2021-01-01 11:19 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
Thank you for your PR but @gentoo/base-system will handle OpenSSL on our own. For the records, SM2 got disabled in last bump (2915b99) because the hobble patch is breaking SM2. However, Fedora (hobble patch upstream) don't care about SM2 because they have it disabled for political reasons (China!). Gentoo had to decide to fork and fix hobble patch or just disable SM2 when applying hobble patch allowing us to keep using upstream patch without any changes and we chose the latter to make maintenance easier. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes look good to me.
This is really territorial. You should stop that. |
After reading Whissi's notes more carefully, I guess he is saying we don't need to keep "sm2" behind bindist when we drop the EC-related logic. |
This wasn't meant territorial. But this PR is also the perfect example why people not maintaining a package shouldn't come up with a PR making a change they don't understand. It's a waste of time doing things twice. So I thanked the author and told him the project (probably me because I did most of the 1.1.x work in the past) will take care of this. |
This seems more like the perfect example of why you should document things like this. |
So a week later, since you've asked others to stay off your lawn, can we expect you to mow it? |
Thank you for your friendly reminder! I am sure you are following the bug behind this PR and have noticed no progress. So based on my little research we are still not ready to proceed here:
|
I would really like to see evidence of this claim. By the "foundation", I assume you mean its trustees. Where/when did they express these concerns? |
From commit bdd5c9e:
Anyway, thank for your suggestion. I am now re-assigning the bug to get their approval to make progress. |
c16db49
to
44d2fe7
Compare
Pull request CI reportReport generated at: 2021-09-12 09:44 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
44d2fe7
to
008bd2b
Compare
Pull request CI reportReport generated at: 2021-09-12 11:24 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
6021f5b
to
0f41323
Compare
Now that all EC-related patents have expired, we can reenable them unconditionally. The revdeps seem to already depend on 'bindist(-)', so we can remove the bindist flag altogether. Closes: https://bugs.gentoo.org/762850 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Closes: https://bugs.gentoo.org/812653 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
0f41323
to
254e616
Compare
Pull request CI reportReport generated at: 2021-09-12 16:29 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
Pull request CI reportReport generated at: 2021-09-12 16:39 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Debian don't seem to be disabling things
- Fedora still are with their patch
- I've not seen any specific references to which patents we're supposedly protected from with USE=bindist, or whether it is truly exhaustive.
- (While not understanding doesn't mean it doesn't apply, I don't see how binary redistribution is different to the source code anyway.)
Unless the Gentoo Foundation gets specific legal advice, I really don't see the need to apply this to one package. Especially now that we ended up dropping it (and updating all revdeps...) for OpenSSL 3.x anyway, even though Fedora have a patch available now.
Feel free to reopen for the RC5 bit. |
Bug: https://bugs.gentoo.org/762850 Signed-off-by: Michał Górny <mgorny@gentoo.org> Closes: #18894 Signed-off-by: Sam James <sam@gentoo.org>
No description provided.