| 9 Jul 2025 |
 Christian Theune | From my experience, this kind of dependencies quickly leads to an operational nightmare when something goes unexpectedly wrong. Designing for a "everything is sunny in california" environment doesn't resonate very well with me. Especially because the complexity is getting so high that making predictions about reliability and not forgetting some corner case is becoming impossible. | 07:14:07 |
| Christian Theune | IMHO the overall design would be much better off if we ripped out the "no self signed certificates" knob ... | 07:14:41 |
| Christian Theune | This will let us have a single straight path in the dependencies to ensure servers come up somehow and then let users deal with partial degradations instead of complete failure that then becomes impossible to fix because of opposing dependencies. | 07:15:46 |
| Christian Theune | m1cr0man: Just to make sure: I completely agree with the tradeoffs you mention regrading community needs. I've read through the original PR that introduces the knob (https://github.com/NixOS/nixpkgs/pull/15562) and I see that it was kind of a given to use a knob - this has been 9 years ago and I think we were in a state of expansion on ACME capabilities back then. From todays perspective I don't see a strong reason to support turning it off as it's such a core case of people using HTTP-01... | 07:27:33 |
| Christian Theune | oooh, and the management of ownership/permissions in the .lego/ directory is inconsistent. it partially wants 600 for the files (and verifies that in a test) but then again the setup script broadly sets them back to 640 | 09:33:41 |
| Christian Theune | but the tests never saw that due to selective permission checking. | 09:33:56 |
| Christian Theune | I'd say keeping the files consistently on 640 with the right group is fine ... ? | 09:34:14 |
| Christian Theune | not sure why we'd go to the extra lengths of having them 600 and 640 ... | 09:34:27 |
 m1cr0man | Where is it inconsistent exactly? I don't remember all the permissions checks | 19:43:33 |
| m1cr0man | Sure, I'm sold :) | 19:47:44 |
|  @alina:catgirl.cloud changed their profile picture. | 21:01:28 |
| @alina:catgirl.cloud changed their display name from alina to alina arielle amelie🏳️⚧️🐾. | 21:02:13 |
| 10 Jul 2025 |
| Christian Theune | finally ... i got all tests working. one last cleanup regarding the lock handling, but then I should be ready for more eyes ... | 09:39:08 |
| Christian Theune | alright ... m1cr0man emily if you'd like to take a look https://github.com/NixOS/nixpkgs/pull/422076 is now ready. it's a lot more changes than I anticipated and I really tried my best to keep it down. | 12:43:41 |
| Christian Theune | hexa: if you have oppinions, then I'm all ear, too. | 12:43:59 |
| Christian Theune | Arian: and you taking another look is of course appreciated as well | 12:44:17 |
 emily | busy today and I'm sure m1cr0man will be more thorough than myself but I'll see if I can find time to take a quick look over the weekend | 14:16:11 |
| emily | frankly the module has grown so big that I find it hard to keep track of everything to review changes | 14:16:28 |
| emily | though I'd be very happy to review PRs that reduce the number of lines :D | 14:16:51 |
| Christian Theune | Understood. Overall it's a few more lines but I think the module itself is same length or shorter, but overall simpler. There's some places that could be DRY'd but at n=3 I'm still wary of early abstraction. Most new lines are in tests, I think. | 19:53:42 |
| 14 Jul 2025 |
| m1cr0man | I have been reviewing the change bit by bit for the last few days. Haven't had much time to sit down continuously. About 70% done | 07:34:45 |
| Christian Theune | thanks! i know it's a big one ... | 07:35:27 |
| Christian Theune | i'll be on vacation starting from thursday - no pressure, but don't expect a reply between thursday and august 5h. i'll pick this up afterwards if need be. | 07:35:55 |
 hexa | currently otherwise occupied with … mail. | 23:12:17 |
| hexa | * currently otherwise occupied with … mail stuff. | 23:12:20 |
| 15 Jul 2025 |
| m1cr0man | I'm on vacation until a similar time at EOM, so that works out :) I'll try and drop the review before my holiday | 00:00:08 |
| Christian Theune | 🙂 | 06:13:53 |
| 24 Jul 2025 |
|  blocklisted joined the room. | 10:10:53 |
| 28 Jul 2025 |
|  John joined the room. | 08:01:26 |
| 4 Aug 2025 |
| m1cr0man | Christian Theune: Just sent the review there. Sorry it took so long, I was on call the week before my holiday and was way too mentally exhausted to look at more code. | 14:43:09 |
