On to, 15 maalis 2018, Rob Crittenden via FreeIPA-devel wrote:
Christian Heimes wrote:
On 2018-03-15 14:19, Rob Crittenden via FreeIPA-devel wrote:
freeIPA in Fedora 28 is currently broken for a number of reasons:
- The NSS switch to sqlite
- 389-ds now provides a default security entry
- many changes in dogtag
FESCO has given us and dogtag a reprieve on the beta deadline but we
need to get something working ASAP.
The dogtag team has their code in mostly working shape now.
For IPA we need to decide what to release. I see the choices as:
1. Use 4.6.3 + NSS and other patches
2. Release 4.7.0 now even though it doesn't have everything we planned
and ship that with F-28
3. Do a 4.7.0 pre-release (set IPA_VERSION_PRE_RELEASE in VERSION and
release a tarball).
4. Use a git pull from master for F-28 and name it something that will
be upgradable (this is the tricky bit).
I'm for option (3) or option (2) in that order. We need to get some
working release out ASAP. Dogtag won't release 10.6 to F28 until we have
confirmed that 10.6 works with FreeIPA. It doesn't have to be a final
version and it doesn't have to support migration for now.
Perhaps we should replace ipa-server-upgrade with a dummy so people
cannot update a production system until we have ironed out all kinks.
Authselect and ntpd to chrony port are mostly done. I'm confident that
Lex and Tibor will be able to deliver the improvements in time for
Fedora 28.
I also prefer 3 or 2, in that order.
If we do a pre-release do we want to crank up the full Release engine
including release notes, etc? Or just tag it, generate a tarball and
release into F28?
Given that Debian already moved to Tomcat 8.5, they would also benefit
from a proper release to get FreeIPA packaged back.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org