On 09/11/2014 04:22 PM, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:21 +0200, Ludwig Krispenz wrote:
>> On 09/11/2014 04:17 PM, Nathaniel McCallum wrote:
>>> On Thu, 2014-09-11 at 16:09 +0200, Ludwig Krispenz wrote:
>>>> On 09/11/2014 04:04 PM, Martin Kosek wrote:
>>>>> On 09/11/2014 03:47 PM, Nathaniel McCallum wrote:
>>>>>> On Thu, 2014-09-11 at 15:46 +0200, Petr Viktorin wrote:
>>>>>>> On 09/11/2014 01:37 PM, Martin Kosek wrote:
>>>>>>>> Hi team,
>>>>>>>> It seems we have pretty serious bug in our FreeIPA 4.0.2 release, 
>>>>>>>> breaking
>>>>>>>> upgrade from older releases:
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4529
>>>>>>>> We also have packaging fix requested by Fedora Server roles group:
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4430
>>>>>>>> It seems just these 2 bugs are enough for a quick FreeIPA 4.0.3 
>>>>>>>> release...
>>>>>>>> Makes sense? Any other tickets or patches we would like to get in?
>>>>>>> Looks like it's just those two. I'll start releasing shortly.
>>>>>> I'd like to get a fix in for the missing ciphers in the new NSS. I can
>>>>>> have a patch on the list shortly.
>>>>>> Nathaniel
>>>>> Isn't this related to
>>>>> https://fedorahosted.org/freeipa/ticket/4395
>>>>> ? I think we do not work with the newest DS which fixed the default 
>>>>> ciphers.
>>>> yes
>>>>> Don't we need to set our SSL ciphers setting to
>>>>> https://fedorahosted.org/389/ticket/47838#comment:29
>>>> yes
>>>> tjhe attached patch tries this, but at the moment I failed to build and
>>>> also to upgrade to F21
>>> NACKallowweakcipher
>>> attribute "allowweakcipher" not allowed
>>> I suspect we are missing a spec file requirement on a newer version of 
>>> 389...
>> yes, you need the latest build of DS, Noriko added the allowweakcipher 
>> only yesterday.
>> That's the problem, I wanted to wait with the ipa side patch until 
>> allowweakcipher was implemented and then on F21 ipa and 389 no longer 
>> played well and now there is a rush

Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
so that F20 users can upgrade to the newest FreeIPA. Are there any known issues
in the F21 389-ds-base build that would prevent upstream FreeIPA 4.0.x to be
based on it?

If yes, we may need to include the patch in Fedora 21 downstream only after 


Freeipa-devel mailing list

Reply via email to