[Pki-devel] [PATCH] 106-2 Fixes for comments on 106 (#1036)

Ade Lee alee at redhat.com
Thu Oct 9 14:35:26 UTC 2014


1. mod to pki.1 man page -- says "User management commands"  -> should
be "Profile management commands".

2. It is usual to bump the version (and add a changelog statement) when
the spec file is modified, even on master.

3. The pki-profile page looks much better.  I think that it needs a note
to make the authentication picture a little clearer.  Something like
this:

Note:  Modifying or deleting a profile requires user(s) that have two
roles (admin and agent).  The same user may be in both roles.  An agent
is needed to first disable the profile.  Once the profile is disabled, it
can be modified/deleted by an admin user.  Then, an agent is needed to
enable the profile for use by the CA.

Once the above changes are made, ACK.


4-10-01 at 16:43 -0400, Abhishek Koneru wrote:
> Pushed patch 107 to master.
> 
> Please review the patch 106-2 which addresses the below comments.
> 
> -- Abhishek
> On Tue, 2014-09-30 at 22:44 -0400, Ade Lee wrote:
> > ACK on 107.
> > 
> > On 106 (man page), a few comments:
> > 0.  Command-Line Interface for managing profiles in the Certificate
> > System.  ->  
> >     Command-Line Interface for managing Certificate System profiles.
> > 1. Is it true that you can leave out the ca- ?
> > 2. You forgot to mention pki <subsystem>-profile in the description.
> > 3.  profile-show:
> >     This command is to get a profile. --> 
> >     This command is to view the details of a profile.
> > 4.  Remove the phrase "in the CA" as it is redundant.
> > 5.  enable/disable profile.  For disable, you should mention that
> >     a profile needs to be disabled before it can be edited.  For 
> >     enable, you should mention that a profile needs to be enabled 
> >     before it can be used.
> > 6.  Authentication -- different commands require different roles to 
> >     authenticate.  You need to look them up, but enable/disable are 
> >     agent operations, add/del/mod are admin operations, find/show   
> >     should be both.
> > 
> > 7.  The options start and stop can be used to specify the beginning and
> > the size of the list. --> Not very clear, you need to bold the options.
> > Also, stop is not an option.
> > 
> > 8.  "view the contents of the profile".  It would be nice to mention
> > some of the things that are in there.  eg.  These contents include
> > profile inputs, profile outputs, authenticators, profile policies and
> > constraints.
> > 
> > 9. This output file can be filled with data and used for certificate
> > > enrollment.  --> This is true but deceptive.  Really the only thing that
> > matters are the profile inputs.  The rest are likely to be ignored.
> > 
> > To get a template suitable for an enrollment, you really want to use 
> > > pki cert-request-profile-show.  In fact, it's a good idea to mention that
> > fact here.
> > 
> > Where profile-show is useful is for constructing new profiles or
> > modifying profiles.
> > 
> > 10. Modify/Delete -- note that the profile must be disabled before these
> > operations can occur.
> > 
> > Ade
> > 
> > On Tue, 2014-09-30 at 16:09 -0400, Abhishek Koneru wrote:
> > > Please review the attached patches with fixes for tickets 1036(man page
> > > for profile CLI commands) and 1037 (issue in request status on
> > > reject/cancel action on a key request).
> > > 
> > > -- Abhishek
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-devel
> > 
> > 
> 
