[Freeipa-devel] FreeIPA 4.0.3?
Nathaniel McCallum
npmccallum at redhat.com
Fri Sep 12 01:21:05 UTC 2014
On Thu, 2014-09-11 at 16:48 +0200, Petr Viktorin wrote:
> On 09/11/2014 04:43 PM, Nathaniel McCallum wrote:
> > On Thu, 2014-09-11 at 16:39 +0200, Petr Viktorin wrote:
> >> On 09/11/2014 04:38 PM, Ludwig Krispenz wrote:
> >>>
> >>> On 09/11/2014 04:31 PM, Petr Viktorin wrote:
> >>>> On 09/11/2014 04:26 PM, Martin Kosek wrote:
> >> ...
> >>>>> Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
> >>>>> http://copr.fedoraproject.org/coprs/mkosek/freeipa/
> >>>>> so that F20 users can upgrade to the newest FreeIPA. Are there any
> >>>>> known issues
> >>>>> in the F21 389-ds-base build that would prevent upstream FreeIPA
> >>>>> 4.0.x to be
> >>>>> based on it?
> >>>>>
> >>>>> If yes, we may need to include the patch in Fedora 21 downstream only
> >>>>> after all..
> >>>>
> >>>> We're basing the Fedora 21 Alpha downstream on FreeIPA 4.0.3, so we
> >>>> couldn't include the patch even there.
> >>>> There better be no such issues.
> >>> what do you mean by "no such issues" ? I don't think that 389/F21 will
> >>> be the first bug free software. At the moment Thierry is investigating a
> >>> crash in dna-plugin and Noriko a memory leak, which could be in F21 -
> >>>
> >>
> >> any known issues in the F21 389-ds-base build that would prevent
> >> upstream FreeIPA 4.0.x to be based on it
> >
> > Yes. 389 will not start if weak ciphers are specified. Currently,
> > FreeIPA specifies weak ciphers. This means that FreeIPA in F21 doesn't
> > work at all because the DS will never start.
> >
> > We need this patch merged: https://fedorahosted.org/389/ticket/47838
Done: thanks everyone on the DS side!
> > Then, we need an F21 build of 389-ds-base.
Done: thanks nhosoi!
> > Then we need to merge Ludwig's IPA patch from this thread with a
> > versioned dependency on the new 389-ds-base build.
New patch attached which includes a versioned dep on the new DS.
> > Then we release 4.0.3.
>
> That's what I understood, but thanks for confirming.
>
> We need to move fast; FreeIPA is an f21 alpha blocker.
>
>
> >> Plugin crashes or memory leaks are bad, but we can release with them.
> >
> > +1. The real problem is that without the above fixes, IPA doesn't work
> > at all.
> >
> > Nathaniel
> >
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ticket-4395-change-ciphers-enabled-by-default.patch
Type: text/x-patch
Size: 3731 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140911/f9b02d26/attachment.bin>
More information about the Freeipa-devel
mailing list