FreeIPA team has recently released 4.2.0 version[1] which adds a number
of features community members were asking for:

   - User certificates
   - Vault to store user secrets
   - One-way trust to Active Directory
   - User life-cycle management for integration with external process workflows
   - [many  other enhancements and improvements]

Development of these features required coordinating changes across
multiple projects.  We have provided the packages for Fedora through our
COPR repository[2].  The repository includes multiple packages, and
relies on multiple others updated in Fedora repositories since Fedora

FreeIPA and other teams at Red Hat are currently working on integrating
FreeIPA 4.2 release into Red Hat Enterprise Linux 7 update. While
traditionally CentOS users had to wait for a Red Hat Enterprise Linux
release, in time for 7.1 update we tried something new with a COPR
repository providing FreeIPA 4.1 for CentOS before Red Hat Enterprise
Linux 7.1 was released. The repository proved to be a success -- both
for quality of bug reports we've got and ability to reach out to you.

With COPR repository for CentOS 7 we've also got experience to manage
expectations of support and maintenance for the FreeIPA 4.1 packages in
the view of upcoming Red Hat Enterprise Linux release. The packages in
the COPR repository would expire when the Red Hat Enterprise Linux
update comes to CentOS and to people who used the repository it would
mean a need to handle upgrades.

We are considering to repeat COPR experiment with FreeIPA 4.2 for CentOS 7.
However, this time we also are relying on updated packages which are
beyond the maintenance of FreeIPA, SSSD, Dogtag, and 389-ds teams. Some
of the updates in those packages include ABI changes. Maintaining our
own rebuilds of these packages in the COPR repository would put
additional burden on the upstream developers and later on you -- when
CentOS 7 updated versions of those packages would come through the
official channels.

Thus, we would like to ask you, whether having a separate COPR
repository for FreeIPA 4.2 would make sense for CentOS 7 users.
The repository will expire with the release of CentOS 7 updates and no
upgrade path would be provided for the bits.  Of course, FreeIPA
replication should work and to move forward you would need to deploy
replicas with formal CentOS bits into the same environment and phase out
the replicas running bits coming from the COPR repository.  This path is
intended but not guaranteed. It might happen that further development
would reveal issues and bugs that might make such migration path broken
and impossible to fix. In this case upstream will make reasonable
efforts but would provide no guarantee that the issue will be addressed.

Does it make sense and worth proceeding with creating a CentOS COPR repo
with upstream bits? Tell us!

[1] http://www.freeipa.org/page/Releases/4.2.0
[2] https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.2

/ Alexander Bokovoy

Attachment: signature.asc
Description: PGP signature

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to