> On 21 Sep 2017, at 23:23, Fabiano Fidêncio <fiden...@redhat.com> wrote: > > People, > > We have 27 PRs opened by the moment I'm writing this email and I'd > like to have a clear idea which ones are the *must* have for our next > release.
I think it should be notes that we’re trying to get the next release (1.15.4) out of the door mostly to make it in time for the Fedora-27 freeze, which, according to the schedule: https://fedoraproject.org/wiki/Releases/27/Schedule is 2017-10-27 The release after that (1.16.0) is driven by RHEL deadlines, which is also important to note because most SSSD core developers also work on RHEL and a RHEL deadline means the 1.16.0 is mostly time-driven, not “when we feel like releasing, we release the tarball” kind of release. > > - Fix group renaming issue when "id_provider = ldap" is set > (https://github.com/SSSD/sssd/pull/128) > We have a bugzilla for this one. Code has been reviewed and last > comments addressed. > I can ack the PR because I like the code, but I’m not sure the PR would be pushed w/o an integration test. Let’s see during this week, I started working on the test but had no time to finish it.. > - Add "Wants=" to sssd unit (https://github.com/SSSD/sssd/pull/132) > We don't have a bugzilla for this one. IMO, this can be postponed > for the next release > Yes, in general I’m not totally sure we discussed if the behaviour is what we want either. > - Initial revision of sssd pytest framework > (https://github.com/SSSD/sssd/pull/139) > This PR will be reviewed on a phone session. IMO, this can be > postponed for the next release. > > - Add module for starting services (https://github.com/SSSD/sssd/pull/175) > This PR has been stalled for a quite long time. Although the > idea/work seems quite nice, I don't see this one as something that we > should prioritize. So, IMO, this can the postponed for the next > release. > +1 > - TEST: Adding krb5-libs to dependencies > (https://github.com/SSSD/sssd/pull/218) > This PR has been stalled since celestian left the project. It's > something good to have but far from having high priority. IMO, this > can be postponed to the next release. > I think it can be pushed since you made the PR pass the CI tests which was the only blocker earlier. > - changing all talloc_get_type() with talloc_get_type_abort() > (https://github.com/SSSD/sssd/pull/231) > This PR has been stalled for a quite long time. Can easily be > postponed to the next release. > +1 > - provider: Move hostid from ipa to sdap > (https://github.com/SSSD/sssd/pull/237) > This PR comes from an external contributor and as far as I > understood they changed whatever has been requested. IMO this should > be part of this release. > Yes, but it would be really good to have tests..but writing the tests might not be trivial. > - Subdomain inherit (https://github.com/SSSD/sssd/pull/247): > This PR has been stalled for a long time and according to the > dicussion in our phone meeting Today, it can be postponed to the next > release. > +1 > - Update sss_override.c (https://github.com/SSSD/sssd/pull/260) > This PR has been stalled for some time and, IMO, can be postponed to > the next release. > +1 > - Add support for ActiveDirectory's logonHorous restrictions > (https://github.com/SSSD/sssd/pull/269) > This PR comes from an external contributor and as far as I > understood there's still some work to be done. So, should be postponed > to the next release > I’ll reply to Sumit separately. > - Merge sss_cache and sss_debuglevel into sssctl > (https://github.com/SSSD/sssd/pull/274) > This PR seems to be in a good shape and justin addressed the last > comments. IMO, should be part of this release. > This was pushed. > - Implement access verification by rhost using ldap_access_order rhost > option (https://github.com/SSSD/sssd/pull/275) > By the comments I'm not sure whether we may or may not should have > it in the next release. In any case, we must provide a feedback to the > external contributor. > As with other PRs, I think the issue might be in test coverage, so I’m not sure we can merge this PR before we have authentication and authorization tests. I agree about giving feedback. > - Print a warning when enumeration is requested but disabled > (https://github.com/SSSD/sssd/pull/334) > Already acked. > Doesn’t really matter which release this ends up at, it’s a convenience patch. > - Fix for few el6 gcc warnings (https://github.com/SSSD/sssd/pull/371) > - This patch set fixes a bunch warnings > (https://github.com/SSSD/sssd/pull/377) > PR 377 has all the patches contained in PR 371. Any of those have > high priority IMO and both could just be postponed to the next > release. > +1 > - ldap: Change ldap_user_certificate to userCertificate;binary > (https://github.com/SSSD/sssd/pull/372) > Already reviewed. Whoever pushes the patches could squash the > patches instead of keep waiting for the contributor. In any case, > should be part of this release. > +1 > - intg: Add sanity tests for pysss_nss_idmap > (https://github.com/SSSD/sssd/pull/373) > Already acked. > +1 > - IPA: Add threshold for sudo command and command group searches > (https://github.com/SSSD/sssd/pull/374) > Does it have some bugzilla linked? I guess it would be nice to be > reviewed and pushed for this release. > Since the “only” entity who requested this PR is RHEL and RHEL backports patches to stable releases anyway, it’s not critical to the upstream release. > - sssd-1.13 Backported patches for ticket 3505 > (https://github.com/SSSD/sssd/pull/375) > Doesn't affect our release at all > +1 > - [RFC] Use GNULIB's compiler warning code > (https://github.com/SSSD/sssd/pull/378) > IMO this one can be postponed to the next release > +1 > - CI: Enable pep8 check (https://github.com/SSSD/sssd/pull/379) > IMO this one can be postponed to the next release > +1 > - intg: prevent "TypeError: mustbe type, not classobj" > (https://github.com/SSSD/sssd/pull/386) > There's a small change requested that can be done by whoever pushes > the patches instead of keep waiting for the contributor > And it’s not critical for the upstream release either. > - Setting ldap_sudo_include_regexp to false > (https://github.com/SSSD/sssd/pull/387) > Should be part of 2.0 relase in the future > Yes. > - sssd_client: add mutex protected call to the PAC responder > (https://github.com/SSSD/sssd/pull/389) > Should be part of this release > Pushed as of today. > - NSS: Add option to disabled memcache (https://github.com/SSSD/sssd/pull/390) > IMO this one be postponed to the next release > +1 > - Use dbus-daemon in cwrap environment for test > (https://github.com/SSSD/sssd/pull/391) > IMO this one can be postponed to the next release > +1 > - GPO: Don't use freed LDAPURLDesc if domain for AD DC cannot be found > IMO this one should be part of this release > Not critical as the problem is only in the DEBUG message which is not printed by default becase we default to debug_level=0. > So, can we have an agreement that we're going to focus on reviewing: > - Fix group renaming issue when "id_provider = ldap" is set > (https://github.com/SSSD/sssd/pull/128) Yes, I’ll work on the test this week. > - provider: Move hostid from ipa to sdap > (https://github.com/SSSD/sssd/pull/237) OK, maybe a middle ground could be to test with the help of downstream tests that the IPA code still works. An integration test for the LDAP provider could then be written for the next release. > - Add support for ActiveDirectory's logonHorous restrictions > (https://github.com/SSSD/sssd/pull/269) Yes, let’s push this. > - Merge sss_cache and sss_debuglevel into sssctl > (https://github.com/SSSD/sssd/pull/274) Pushed. > - Implement access verification by rhost using ldap_access_order rhost > option (https://github.com/SSSD/sssd/pull/275) I really don’t know if we can push this without tests. But we should absolutely review the code and provide feedback. > - IPA: Add threshold for sudo command and command group searches > (https://github.com/SSSD/sssd/pull/374) Nice, but IMO not critical. > - sssd_client: add mutex protected call to the PAC responder > (https://github.com/SSSD/sssd/pull/389) Pushed > - GPO: Don't use freed LDAPURLDesc if domain for AD DC cannot be found > IMO not critical > And also, do we agree that the bugs mentioned above are the material > for this release and pretty much anything else that is already opened? > > Best Regards, > -- > Fabiano Fidêncio > _______________________________________________ > sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org > To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
