Re: F30 Self-Contained Change proposal: krb5 crypto modernization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tomasz Torcz <tomek@xxxxxxxxxxxxxx> writes:

> On Mon, Jan 07, 2019 at 04:12:47PM -0500, Robbie Harwood wrote:
>> Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> writes:
>> 
>> > On Thu, 2019-01-03 at 22:40 -0600, Jason L Tibbitts III wrote:
>> >
>> >> But to be fair, MIT krb5 is not known for having great error output.
>> >> Not being able to start at all because the K/M has an enctype which is
>> >> acceptable and not at all deprecated according to the documentation that
>> >> exists today _and_ failing in the way the software tends to fail (with
>> >> obscure and sometimes numeric messages) would be... tough.  Not that I
>> >> think anyone would just do dnf system-upgrade on their master KDC.
>> >
>> > Anyone using FreeIPA and upgrading it is doing this, I guess. (Like
>> > me...)
>> 
>> We appreciate that you *do* do this because it means others will hit
>> fewer bugs that they need to roll back!  But while krb5 version upgrades
>> are safe, distro upgrades aren't something that can be tested except in
>> a distro context.
>
>   Distro context?  But we are talking about Fedora here, this couldn't
> be less “distro context”.
>   Distro upgrade is a suggested way to keep one's installation at
> supportable release (as opposed to reinstall), so distro-upgrade path
> MUST be tested and working.

I don't disagree with any of that.  What I mean to say is that if you
hold all other package versions the same, krb5 upgrades are always safe
- but we can't, as krb5, make guarantees about what any other packages
do, especially our dependencies.  The testing needs to happen when the
distro is assembled - i.e., in the context of the distro, not
beforehand.

Thanks,
--Robbie

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux