https://bugzilla.redhat.com/show_bug.cgi?id=2078592

--- Comment #7 from Pino Toscano <ptoscano@xxxxxxxxxx> ---
(In reply to Petr Menšík from comment #6)
> (In reply to Chris Snyder from comment #5)
> > Thank you very much for the review!!
> >
> > I'm not sure I see the benefit of adding the %config directive for these
> > files which are not intended to be modified by the user.
> > We can consider moving the pem files to another directory but it is worth
> > mentioning that this directory is used by katello and related tooling to add
> > *.pem files for use in communicating with foreman / Satellite instances so
> > unless it is a blocking item I'd rather continue that discussion with those
> > folks as well after the addition of this package.
> >
> > To address the ownership of the /etc/rhsm directory I've opened this PR
> > against subscription-manager:
> > https://github.com/candlepin/subscription-manager/pull/3045
> >
> > What are the next steps?
>
> If they are never intended to be modified, they belong to /usr/share instead.

We all agree with this. The problem here is that "the ship has sailed".
subscription-manager has been using for many years /etc/rhsm/ca as default
location for CAs to use when connecting to the entitlement server, which makes
changing this a non-trivial task. Other software interacts with it by adding
its own content (e.g. katello), so we cannot just switch the location.

Other approaches are possible, but IMHO they are out of the scope of this new
package process.

> I think every file under %_sysconfdir should be marked either %config or
> %config(noreplace). Please mark it as %config, it would keep the behaviour
> on updates, but possible user's changes won't be lost forever.

The situation is that the user very rarely, if ever, needs to _change_ the
existing files in /etc/rhsm/ca. Adding new ones, for example to authenticate
the connection to their own Candlepin, is definitely supported.

> Note: guidelines make it clear they *must* be marked config files. It is not
> only should,

I did some research about this: packages such as fedora-gpg-keys,
ca-certificates, and containers-common do install bits in /etc/pki without
marking them as %config (unless I misread their spec files). So IMHO there is
either
- an inconsistency in the distribution
- or a different handling for this kind of "non-textual" stuff

> therefore I would give release+ if they are either config files
> or just links to /usr dir.

Petr, I understand you want to improve the quality of Fedora, and I don't think
any of us wants to make it worse. However, please consider the situation here:
- there is existing software with long-term practices, be they good or bad
- it is not possible to change the software right now
- the subscription-manager-rhsm-certificates package exists *already* in
  Fedora, without the files in /etc/rhsm/ca marked as %config
- the current proposed new source builds a new package that is _not_ worse
  than what is already existing, and actually improves it a bit (for example
  LICENSE is shipped properly)

Therefore all I ask is to look at the whole picture, not only at the Fedora
guidelines, and be slightly more understanding of the situation. Accepting the
proposed new source does not lower the quality of Fedora, and we definitely can
fix further issues on it faster once it's approved.

Thanks for the review, and the patience.