[Pki-devel] [PATCH] 303-306 Various issues

Ade Lee alee at redhat.com
Wed May 25 03:32:43 UTC 2016 

Patches 303, 305 and 306 have been modified as discussed and checked
in.

Patch 304 has been revised as discussed on IRC.  Please review.

Ade

On Fri, 2016-05-20 at 17:00 -0500, Endi Sukma Dewata wrote:
> On 5/20/2016 2:20 PM, Ade Lee wrote:
> > Please review:
> > 
> > Patches listed in reverse order (306 -> 303)
> > 
> > Ade
> 
> Some comments/questions:
> 
> Patch #303:
> 1. Instead of using underscores (i.e. ca.publishing.cert_enable and 
> ca.publishing.crl_enable) it would be more consistent to use dots
> (i.e. 
> ca.publishing.cert.enable and ca.publishing.crl.enable) in the
> parameter 
> names.
> 
> 2. The PublisherProcessor.isCertPublishingEnabled() and 
> isCRLPublishingEnabled() currently swallow the exception thrown by 
> getBoolean() and interpret it as disabled. I think since "this should
> never happen" the exception should (if not too much additional work)
> be 
> allowed to bubble up.
> 
> Patch #304:
> 1. I think the default maxAge and maxFiles should not be unlimited 
> because most people probably will use the default values until
> something 
> goes wrong (e.g. disk full), and we want to avoid that. It would be 
> better to pick something reasonable, for example 1 year and 100
> files, 
> respectively.
> 
> 2. Currently the unit for maxAge is hour. How long do people usually 
> want to retain old files? Should we use day instead?
> 
> 3. In purgeExcessFiles() the files are sorted by last modified 
> timestamp. It's kind of risky since someone could accidentally do 
> something that updates the timestamp, then code will be deleting a
> file 
> that's not supposed to be purged yet. Can the files be sorted by
> their 
> names? In Tomcat the log files can be sorted by their names since
> they 
> contain a timestamp or sequence number.
> 
> 4. Also in purgeExcessFiles() the last loop calls dir.listFiles() in 
> each iteration. For efficiency it might be better to use a counter
> since 
> the number of excess files can be computed before the loop.
> 
> 5. The exception thrown by getInteger() should not be swallowed
> either. 
> If there's a configuration problem we want to know that.
> 
> Patch #305:
> 1. It might be better to check for invalid revocation reason in the 
> RevocationReason.valueOf() itself so any code using it is guaranteed
> to 
> get a valid value.
> 
> Patch #306 will follow later.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0304-Add-parameters-to-purge-old-published-files.patch
Type: text/x-patch
Size: 12142 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160524/f8cb1d0f/attachment.bin>

More information about the Pki-devel mailing list