Re: Splitting out certmaster for use in projects like FreeIPA. Thoughts?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2008-02-04 at 12:47 -0500, Greg DeKoenigsberg wrote:
> On Mon, 4 Feb 2008, Michael DeHaan wrote:
> 
> > Hello Func community,
> >
> > Adrian, Seth, and I were just talking with Karl Wirth (FreeIPA) about Func 
> > and certmaster.   Certmaster is a general use way of distributing certs and 
> > has advantages for use beyond Func.    Since FreeIPA wants a similar 
> > mechanism, it seems to be a good idea to share.
> >
> > Basically we think it would be a good idea to open up certmaster and make 
> > certmaster it's own project on Fedora Hosted.   As with Func, it will be 
> > available in Fedora/EPEL under the same license as Func (GPLv2+), and of 
> > course it will still be a community project so everyone here will still be 
> > able to work on it.
> >
> > The idea behind this is lots of projects want ways to distribute certs, but 
> > not all users want to run Func (though we think that would great if they did 
> > of course!).
> >
> > As a side effect of moving it over, certmaster can get some upgrades such as 
> > auto-renew support and optional (default: off) ability to store certs in 
> > LDAP, etc.   We'll also hopefully have a lot more really sharp security guys 
> > working on it :)   So, no, you will not need to install FreeIPA to use Func, 
> > or Func to use FreeIPA ... but both will likely have a dependency on 
> > certmaster -- which seems reasonable.
> >
> > We aim to keep complexity of Func setup the same as it is now (that's one of 
> > Func's main selling points) and want to coordinate with the certmaster 
> > project to ensure Func doesn't get broken.   Keeping existing configs working 
> > is important, and if we do this right, setup instructions will be the same or 
> > change only minimally.    We also intend to use the same mailing list for 
> > certmaster as this project, so people don' thave to join other lists. 
> > Before we enact this split, does anyone have any comments about this plan? 
> > Thanks,
> 
> /me applauds.
> 
> Small tools that do small jobs extremely well, and connect to one another 
> extremely simply.  That was the point of func in the first place.
> 
> Although the mailing list stuff might be a bit confusing.  If certmaster 
> is going to be its own project, shouldn't it have its own list?

It's not going to be all that interesting of its own project and since
all the func people will need to know about certmaster it kinda makes
sense to leave them together.

-sv


_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux