On Thu, 18 Nov 2010 16:23:38 +0100
Jakub Hrozek <jhro...@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 11/18/2010 02:24 PM, Simo Sorce wrote:
> > On Thu, 18 Nov 2010 07:21:04 -0500
> > Stephen Gallagher <sgall...@redhat.com> wrote:
> >> Doing the forward septets is easy (1*x..7*x), but the reverse
> >> septets are more complicated (since they would be (y-1*x..y-7*x),
> >> where y is the total number of days in the month (which also has
> >> to account for leap years).
> >> I think it might be a nice enhancement, but I recommend that we not
> >> include it right now, given the tight release schedule for FreeIPA
> >> v2.
> > As I said before it is a now or never condition.
> > If you do not put it in now, then when you put it in, old clients
> > will not understand the rule. And they will have only one option,
> > always deny access, because they have no way to understand when it
> > is ok to allow/deny it.
> > Simo.
> In that case, should we have some version identifier, too? In case we
> identify some flaw later on and need to change the format once again.
And what should a client do when it finds a version it does not
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list