Hi all,

I've published a draft design for the profile update mechanism.
This feature is to ensure that we can safely update included
profiles even when we use Dogtag profile components only available
in new versions.

https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism

Interested persons, please review the design.  In particular there
are two main questions I would like to discuss:

1. We need to store the IPA version in IPA master entries.  What
   should be the schema?

   
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism#IPA_master_entries

2. How should we deal with customised versions of included profiles?
   There is a big tradeoff here, of complexity + flexibility vs.
   simplicitity + reverting customisations to included profiles (and
   preventing them in future).

   
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism#Dealing_with_modified_profiles

Thanks,
Fraser
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to