[Pki-devel] replication of new/modified profiles
Christina Fu
cfu at redhat.com
Sat Jul 5 18:27:16 UTC 2014
Yes, deferring profile inheritance for later discussion would be the
right approach at this time.
thanks,
Christina
On 07/02/2014 07:51 PM, Endi Sukma Dewata wrote:
> On 7/2/2014 4:42 PM, Christina Fu wrote:
>> IMHO, I think #3 is way too complicated. Complication invites issues
>> and confuse people.
>>
>> Could we step back and try something simpler? When you copy the content
>> of one profile and modify it to create a new one, then it's a new
>> profile standing on its own. Why the parent-child relationship and
>> all? Seems like an administrator's nightmare. Maybe I missed out on the
>> irc discussion, but could you please give us a summary of the benefit
>> and how the benefit weights against development time and administration
>> maintenance, and support effort in the future on our end?
>
> Proposal #3 can be simplified into #3(a) without profile inheritance.
> Here we'll support just the file-based system profile, proxy LDAP
> profile, and custom LDAP profile. For immediate purposes this should
> be sufficient.
>
> Profile inheritance is an idea that just came up after the IRC
> discussion. It would take a whole separate design page to see how it
> works, the potential benefits, and the impact on us. We don't have to
> implement this now, but later if we determine that it is useful, we
> can implement #3(b) with profile inheritance without changing the
> schema or the existing data.
>
>> Anyway, I hope you will consider what I said in my earlier response. I
>> thought our goal was to provide a "centralized collection of profiles"
>> to ease administration effort. I hope we achieve simplicity rather than
>> create complication. It's just my personal preference.
>
> Not disagreeing with that. Simplicity is always a goal, but sometimes
> the proper solution cannot be the simplest one.
>
More information about the Pki-devel
mailing list