[Freeipa-devel] "Commit comments log" functionality in IPA
Simo Sorce
ssorce at redhat.com
Fri Nov 7 14:46:02 UTC 2008
On Fri, 2008-11-07 at 09:23 -0500, Dmitri Pal wrote:
> Sumit Bose wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > here are my 0.02$
> >
> > - - for the policies it would be possible to have the commit comments
> > inside the XML file, like
> > <commit><comment>...</comment><comment>...</comment></commit>.
> >
> >
>
> Why do we need the comments inside the policy itself? Comments inside
> the policy do not male much sense to me.
> The policies are sent to the clients. So comments would be extraneous
> information that will be sent to clients for no value.
I think comments may contain information that should not be widespread,
so I do not think we should put them in the policy file (at least not in
the clear, maybe encrypted).
If disclosing comments to clients is not a problem, Sumit's suggestion
seem to me *much* more appropriate. It will preserve all comments when
you do changes to a policy on a staging test installation and then later
on you transport them to the production environment (export policy,
import policy). This would be an extremely valuable feature imo.
> It will also cause more replication since policies a compressed XMLs.
No, you add a comment when you change a policy, so you are already
rewriting the XML file.
> Change to a comment will trigger the update of the whole attribute.
Your description of the feature sounded like comments cannot be changed
once the operation is committed so this would not be a problem.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list