On 2018-03-15 14:19, Rob Crittenden via FreeIPA-devel wrote: > freeIPA in Fedora 28 is currently broken for a number of reasons: > > - The NSS switch to sqlite > - 389-ds now provides a default security entry > - many changes in dogtag > > FESCO has given us and dogtag a reprieve on the beta deadline but we > need to get something working ASAP. > > The dogtag team has their code in mostly working shape now. > > For IPA we need to decide what to release. I see the choices as: > > 1. Use 4.6.3 + NSS and other patches > 2. Release 4.7.0 now even though it doesn't have everything we planned > and ship that with F-28 > 3. Do a 4.7.0 pre-release (set IPA_VERSION_PRE_RELEASE in VERSION and > release a tarball). > 4. Use a git pull from master for F-28 and name it something that will > be upgradable (this is the tricky bit).
I'm for option (3) or option (2) in that order. We need to get some working release out ASAP. Dogtag won't release 10.6 to F28 until we have confirmed that 10.6 works with FreeIPA. It doesn't have to be a final version and it doesn't have to support migration for now. Perhaps we should replace ipa-server-upgrade with a dummy so people cannot update a production system until we have ironed out all kinks. Authselect and ntpd to chrony port are mostly done. I'm confident that Lex and Tibor will be able to deliver the improvements in time for Fedora 28. -- Christian Heimes Senior Software Engineer, Identity Management and Platform Security Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
signature.asc
Description: OpenPGP digital signature
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org