On Wed, Dec 02, 2020 at 03:29:43AM -0000, Marco Trevisan (Treviño) wrote: > Soo... Given we prefer to stay conservative and not change SSSD crypto
I didn't say that! > backend fully (to be clear, I would have preferred it to follow > upstream, not to provide a solution that will change in next LTS no > matter what, and avoid having "frankensteins", but wasn't a strong > requirement for me) I've been exploring ways to get only the component > we care (p11_child) to use p11-kit and openssl. This is certainly a valuable angle to look at - thanks! > Robie, this would be better SRU approach? I think you misunderstand me. I'm not saying that your upload *has* to be narrow. I've not formed an opinion that yet. What I'm saying is that whatever size of scope you choose, there must be a regression analysis that covers that scope. If you take a widely scope, then I expect a regression analysis to cover what I feel are the obvious possible implications of that change. By nature of it being wider, the regression analysis can be expected to be more work, of course. Because a wider scope generally correlates with increased regression risk, I'd also expect a justification of why the narrow scope is less desirable. But the analysis is still necessary and must not be skipped. If you take a narrow scope, then that's correlated with lower regression risk, and because a regression analysis would be narrower in scope to match, it might well be less work. I appreciate that sometimes it's harder or riskier to narrow the scope, so I'm still open to widening the scope - *if* there is an appropriate justification *and* full regression analysis of that wider scope provided. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905790 Title: Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1905790/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
