Dne 07. 04. 22 v 16:13 Stephen Gallagher napsal(a):
On Thu, Apr 7, 2022 at 10:12 AM Kamil Dudka <kdudka(a)redhat.com>
wrote:
> On Thursday, April 7, 2022 3:45:45 PM CEST Stephen Gallagher wrote:
>>> Sorry for keeping asking naive questions, but is there a chance to do
>>> some mass rebuild prior this lands, to asses the impact? Better to avoid
>>> (complete?) breakage of ELN and give change to fix the (most
>>> outstanding) issues prior it lands.
>>
>> I'm not sure what benefit that would have. The crypto policies are
>> generally applied at runtime, not build-time.
> The policies applied at run time can break builds though, especially when
> they include regression tests that use crypto.
Yep, that is precisely the case. Actually it is higher chance that the
testsuites are problem then the runtime, because the test suites trying
to assert every code path when during runtime likely just subset of
functionality is used (not mentioning that test suites tends to use
weaker cryptography, because it is faster and it won't cause security
concerns).
Ah, that hadn't occurred to me. I'm still not sure it's
worth running
a mass-rebuild specifically for this, though. I think it might be
better to clean things up as they come up and then piggy-back on the
next Fedora mass-rebuild.
At minimum, you count with broken Ruby :)
Vít