[Freeipa-devel] FreeIPA 4.0.3?
Petr Viktorin
pviktori at redhat.com
Thu Sep 11 14:56:51 UTC 2014
On 09/11/2014 04:51 PM, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:48 +0200, Petr Viktorin wrote:
>> On 09/11/2014 04:43 PM, Nathaniel McCallum wrote:
>>> On Thu, 2014-09-11 at 16:39 +0200, Petr Viktorin wrote:
>>>> On 09/11/2014 04:38 PM, Ludwig Krispenz wrote:
>>>>>
>>>>> On 09/11/2014 04:31 PM, Petr Viktorin wrote:
>>>>>> On 09/11/2014 04:26 PM, Martin Kosek wrote:
>>>> ...
>>>>>>> Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
>>>>>>> http://copr.fedoraproject.org/coprs/mkosek/freeipa/
>>>>>>> so that F20 users can upgrade to the newest FreeIPA. Are there any
>>>>>>> known issues
>>>>>>> in the F21 389-ds-base build that would prevent upstream FreeIPA
>>>>>>> 4.0.x to be
>>>>>>> based on it?
>>>>>>>
>>>>>>> If yes, we may need to include the patch in Fedora 21 downstream only
>>>>>>> after all..
>>>>>>
>>>>>> We're basing the Fedora 21 Alpha downstream on FreeIPA 4.0.3, so we
>>>>>> couldn't include the patch even there.
>>>>>> There better be no such issues.
>>>>> what do you mean by "no such issues" ? I don't think that 389/F21 will
>>>>> be the first bug free software. At the moment Thierry is investigating a
>>>>> crash in dna-plugin and Noriko a memory leak, which could be in F21 -
>>>>>
>>>>
>>>> any known issues in the F21 389-ds-base build that would prevent
>>>> upstream FreeIPA 4.0.x to be based on it
>>>
>>> Yes. 389 will not start if weak ciphers are specified. Currently,
>>> FreeIPA specifies weak ciphers. This means that FreeIPA in F21 doesn't
>>> work at all because the DS will never start.
>>>
>>> We need this patch merged: https://fedorahosted.org/389/ticket/47838
>>>
>>> Then, we need an F21 build of 389-ds-base.
>>>
>>> Then we need to merge Ludwig's IPA patch from this thread with a
>>> versioned dependency on the new 389-ds-base build.
>>>
>>> Then we release 4.0.3.
>>
>> That's what I understood, but thanks for confirming.
>>
>> We need to move fast; FreeIPA is an f21 alpha blocker.
>
> Have we filed a blocker bug? They are discussing go/no go right now.
The meeting starts in 2 hours, and AFAIK it's already certain it's no-go.
Is there a 389 Fedora bug for the issue that I could reference in an IPA
bug?
--
Petr³
More information about the Freeipa-devel
mailing list