On 09/15/2014 05:37 PM, Petr Vobornik wrote:
> On 15.9.2014 17:21, Tomas Babej wrote:
>> Hi folks,
>> while developing parts of the upcoming views feature
>> (http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust),
>> we stumbled upon the question of having descriptions required by the
>> framework.
>> There are arguments for the description being required, at least for
>> overriding attributes of IPA users. However, nothing stops irresponsible
>> admins from entering descriptions like 'foo'.
>> There is related ticket in the Trac:
>> https://fedorahosted.org/freeipa/ticket/4387
>> I'd like to avoid having this argument over again. Can we establish a
>> guideline we wish to follow? Having tickets like #4387 and requiring
>> descriptions in new features is too inconsistent for my taste :) we
>> should either:
>> 1.) Define a clear line - when it makes sense to require description and
>> when not.
>> 2.) Decide never to require description, since it is a non-enforcible
>> requirement (nothing stops you from entering meaningless description).
> Description is a helper tool for users and it's not required for any
> functionality. Ideally user (company policy) should choose whether it should 
> be
> required. We should only give recommendations, e.g., in documentation.
> Making it configurable seems like a lot of effort with little added value.
> I'm for #2.
> Btw, idview plugin is inconsistent by itself atm - overrides have it required
> but idview doesn't.
> my 2c

+1, please don't require description unless it is really required for the
actual functionality. As already discussed wrt #4387, we cannot force admins to
enter something sensible in the description, so let us not punish those who do
not want to document it and make adding views, SUDO rules, ... easier.

Adding description to MUST part of objectclass is rather unprecedented move.
Just for fun I listed all objectclasses in my DS that use  description field
and neither of them had it in MUST part. I could partially live with
description being in MAY part of objectclass + the framework requiring it, but
I do not think it is a good idea either.


Freeipa-devel mailing list

Reply via email to