On 04/20/2017 06:14 AM, Francisco Barbee via arch-general wrote: > It's 2017, security doesn't mean unoptimized. There was attempt to > bring in more optimizations already used in Clearlinux project like > pgo and lto to makepkg but it's still on sidelines due to lack of > time from devs. See > https://aur.archlinux.org/packages/makepkg-optimize2/ > Actually, Allan said he dislikes that concept entirely and refuses to merge it at all because: 1) CFLAGS+="-flto" should be set in makepkg.conf, not libmakepkg 2) PGO will not be a thing because "I am not adding an option to makepkg that does non-deterministic optimisation." 3) PGO that involves makepkg being context-sensitive between two makepkg runs, is not an option; use a wrapper script with multiple makepkg.conf's instead. Lack of time is not the issue, in fact, Allan has reviewed *lots* of pacman/makepkg patches, and merged lots of them, in the time he has refused to even consider these. > Did you know this bug was reported by concerned user because dev > hadn't time for it for a half of year? Plus nobody ever explained why > minor bug in testsuite should be a blocker here. Also there are more > security flags to be enabled, trivial to add and blocked only by lack > of time/lack of will, even when other devs explicitly asked for > this. Failing testsuites mean that real issues will never be discovered, which means the whole point of running testsuites is nullified. So no, it is not a minor bug. > I agree with the above but it's not the case here. Packages doesn't > stay in testing for extended period because actual problems are > resolved but because everyone who did his/her job has to wait for > someone who didn't. See > https://www.archlinux.org/todo/openssl-rebuild-take-2/ . Everything > is done except one package and nothing changed for weeks. I don't know why openssl 1.1 is still in testing. But I do know that merely assuming it is ready to be moved today except for that package, is rather naive. I am going to assume that the Devs have actual reasons for what they do. Also, if your only point is that testing rebuilds get held up, I am not sure what you expect us to do about it. Whatever the reason is, that can only be fixed by the Devs, we have no influence over it in any way. And if they are deliberately ignoring it for the lulz, your bribes won't work; I guess we are just doomed by malice... ... Aside: your emails seem to be wrapped in an over-aggressive manner, why such short lines? -- Eli Schwartz
Attachment:
signature.asc
Description: OpenPGP digital signature