[Pki-devel] replication of new/modified profiles

Endi Sukma Dewata edewata at redhat.com
Thu Jul 3 02:51:46 UTC 2014


On 7/2/2014 4:42 PM, Christina Fu wrote:
> IMHO, I think #3 is way too complicated.  Complication invites issues
> and confuses people.
>
> Could we step back and try something simpler? When you copy the content
> of one profile and modify it to create a new one, then it's a new
> profile standing on its own.  Why the parent-child relationship and
> all?  Seems like an administrator's nightmare. Maybe I missed out on the
> IRC discussion, but could you please give us a summary of the benefit
> and how the benefit weighs against development time and administration
> maintenance, and support effort in the future on our end?

Proposal #3 can be simplified into #3(a) without profile inheritance. 
Here we'll support just the file-based system profile, proxy LDAP 
profile, and custom LDAP profile. For immediate purposes this should be 
sufficient.

Profile inheritance is an idea that just came up after the IRC 
discussion. It would take a whole separate design page to see how it 
works, the potential benefits, and the impact on us. We don't have to 
implement this now, but later if we determine that it is useful, we can 
implement #3(b) with profile inheritance without changing the schema or 
the existing data.

> Anyway, I hope you will consider what I said in my earlier response.  I
> thought our goal was to provide a "centralized collection of profiles"
> to ease administration effort.  I hope we achieve simplicity rather than
> create complication. It's just my personal preference.

Not disagreeing with that. Simplicity is always a goal, but sometimes 
the proper solution cannot be the simplest one.

-- 
Endi S. Dewata



