On 05/12/2016 12:56 AM, Fraser Tweedale wrote: > On Wed, May 11, 2016 at 04:36:34PM +0200, Jan Cholasta wrote: >> On 11.5.2016 15:04, Fraser Tweedale wrote: >>> On Wed, May 11, 2016 at 01:31:36PM +0200, Jan Cholasta wrote: ... >>>> 3) I would rather avoid adding new commands just to work around bugs. IMO >>>> "certprofile-import caIPAserviceCert >>>> /usr/share/ipa/profiles/caIPAserviceCert.cfg" should be good enough in this >>>> case. >>>> >>> As discussed above, I'm afraid it is not, unless users manually do >>> the substitutions. If we provide some code to do the substitutions, >>> we have essentially reach what I have proposed. >>> >>> Other suggestions are welcome. >>> >>> BTW, there is another option I did not already mention: do nothing >>> in code, and help users on a case-by-case basis / point them to a >>> guide / KB article? >> >> This option is my favorite :-) (If automatic fix during upgrade is indeed >> out of the picture.) >> > Martin, if the profile is incorrect, do we have to fix it > automatically? What are our obligations / customer expectations > here?
I would love to hear customer expectations, but in that case you should ask the users/customers, not me :-) But having documented procedure in a KB/wiki article how to fix a broken profile seems as a good enough for me, we can build the API command later if we see a pressing need. Martin -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code