Martin Husemann <martin%duskware.de@localhost> writes: > On Thu, Jun 09, 2022 at 06:35:25PM -0400, Greg Troxel wrote: >> We generally take the view that if there are N ways to do things in the >> world we allow packaging of all of them. This package isn't something >> I want, but prohibiting it because somebody might use it when we think >> they shouldn't is beyond our normal practice. > > This seems to be a (temporary) attempt to paper over a NetBSD base > system issue that would better be solved there (as Kimmo mentioned). > > We should have the real discussion on some base system specific list, and > maybe just leave the pkg alone untill consensus has been reached (besides > improving DESCR)? > > Would be really cool to fix it in base before NetBSD 10.0. Paper over isn't really the right word. pkgsrc runs on N systems, for a very large number of N. Some of those base systems contain a configured set of trust anchors, and some don't. It's always going to be like that, as some of the N are not maintained. pkgsrc policy so far has been to respect the base system choice of whether to pre-configure trust anchors or not. That means not changing things in /etc, and it also means that when pkgsrc installs openssl that there aren't configured trust anchors from pkgsrc. If NetBSD base changes policy, then these packages should become less necessary for NetBSD (after the change), but they are still going to be needed for some people on older NetBSD and on a number of other systems. If you want to start discussion about changing policy in NetBSD base, that's of course an ok discussion to have, and belongs someplace else. (A discussion should involve a survey of existing practice of a number of other systems and their lessons learned.) That discussion happening or not happening is orthogonal to what pkgsrc should be doing. At most, it would mean that NetBSD users post-change would not be interested in installing these packages.
Attachment:
signature.asc
Description: PGP signature