[Freeipa-devel] [PATCHES] 91-92 Add support for RFC 6594 SSHFP DNS records
Rob Crittenden
rcritten at redhat.com
Fri Feb 1 14:17:44 UTC 2013
Jan Cholasta wrote:
> On 31.1.2013 19:59, Rob Crittenden wrote:
>> Jan Cholasta wrote:
>>> On 23.1.2013 23:45, Rob Crittenden wrote:
>>>> Jan Cholasta wrote:
>>>>> On 10.1.2013 05:56, Jan Cholasta wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Patch 91 removes module ipapython.compat. The code that uses it
>>>>>> doesn't
>>>>>> work with ancient Python versions anyway, so there's no need to
>>>>>> keep it
>>>>>> around.
>>>>>>
>>>>>> Patch 92 adds support for automatic generation of RFC 6594 SSHFP DNS
>>>>>> records to ipa-client-install and host plugin, as described in
>>>>>> <http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records>. Note that
>>>>>> <https://fedorahosted.org/freeipa/ticket/2642#comment:7> still
>>>>>> applies.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/2642
>>>>>>
>>>>>> Honza
>>>>>>
>>>>>
>>>>> Self-NACK, forgot to actually remove ipapython/compat.py in the first
>>>>> patch. Also removed an unnecessary try block from the second patch.
>>>>>
>>>>> Honza
>>>>
>>>> These look good. I'm a little concerned about the magic numbers in the
>>>> SSHFP code. I know these come from the RFCs. Can you add a comment
>>>> there
>>>> so future developers know where the values for key type and fingerprint
>>>> type come from?
>>>>
>>>> rob
>>>
>>> Comment added.
>>>
>>
>> Sorry, I just noticed that this is an RFE and there is no design page.
>> Can you write one up real quick, then I'll push both.
>
> Umm.. yes there is, it is linked in the first message of this thread:
> <http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records>.
I looked in the ticket. Can you add the link there?
>>
>> I went back and forth a few times on whether we should have a ticket on
>> the dropping of compat, if only to codify that we're giving up an python
>> 2.6, but since this has been a given for a while I think we're ok.
>
> It's Python 2.5 that we are giving up on, not Python 2.6. In fact, we
> already gave up on it, our code does not work with it even if we keep
> compat in (we use some Python features which are not available in 2.5).
Yes, off-by-one. Though in fact the client install, which is all we
really care about regarding older systems, still does almost work even
in python 2.4 with just a few minor changes. But like I said, its fine.
pushed both to master
rob
More information about the Freeipa-devel
mailing list