Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On 21. 10. 21 22:37, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
== Summary ==
This change is about retiring the ypbind, yp-tools, and ypserv
packages, and removal of the {nis,yp}domainname user-space utility
programs from the hostname package...
Possibly stupid question, but I am really confused by what "NIS" is in
packaging terms.
In EL 9, we added this to Python:
"Build without the legacy nis module"
https://gitlab.com/redhat/centos-stream/rpms/python3.9/-/merge_requests/1/
It removes the dependency on libnsl2 and libtirpc. However neither is listed in
this change proposal. Would we remove the nis Python module on Fedora as well,
or not?
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On pe, 22 loka 2021, Ian McInerney via devel wrote:
On Thu, Oct 21, 2021 at 9:38 PM Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
== Summary ==
This change is about retiring the ypbind, yp-tools, and ypserv
packages, and removal of the {nis,yp}domainname user-space utility
programs from the hostname package.
== Owner ==
* Name: [[User:besser82 | Björn Esser]]
* Email: besse...@fedoraproject.org
== Detailed Description ==
Those utility programs used to be present on virtually any UNIX system
for decades, but are starting to become more and more deprecated.
Also NIS(+) is known for not being secure at all. As we are going to
[https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM
remove the support for NIS(+) in PAM] during this development cycle,
we also should get rid of those.
== Feedback ==
There was some discussion on
[
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/
the fedora-devel mailing-list]. Some people are reluctant about the
removal of NIS(+) user-space support, while most are okay with it as
there are more secure alternatives (LDAP, FreeIPA, etc.) available.
The FPL is +1 on doing so.
== Benefit to Fedora ==
With this change we start directing our users and developers to move
away from NIS(+) to secure alternatives like LDAP and/or FreeIPA.
== Scope ==
* Proposal owners:
** Retire the ypbind, yp-tools, and ypserv packages from Fedora.
Have you talked with the maintainers of these packages at all? I can't
recall if any of them replied in the RFC thread before, but it would be (in
my opinion) very bad form to retire a package without asking for the
maintainer's input and opinions.
(It might even be good to get one of/some of the maintainers as change
owners on this proposal as well to show they are involved in this).
-Ian
** Remove the {nis,yp}domainname user-space utility programs from the
hostname package.
* Other developers:
** Test this change.
* Release engineering: [https://pagure.io/releng/issue/10352 #10352]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: N/A
== Upgrade/compatibility impact ==
Users that were relying on support for NIS(+) will need to move to
secure alternatives like LDAP and/or FreeIPA.
== How To Test ==
Check whether the named utility programs are still installed on your
system after upgrading. If they are gone, everything is fine.
== User Experience ==
For some users this change may be a bit disruptive and it may require
some learning curve for switching to alternative solutions.
== Dependencies ==
There are actually no external dependencies.
This is not correct at all. FreeIPA does depend on nisdomainname utility
(part of hostname package).
SUDO depends on the correct value returned from getdomainname() in order
to support netgroups in LDAP-stored SUDO rules. Same rules are
implemented by FreeIPA and SSSD.
However, I think this is *not* deprecated technology question. Domain
name information is the part of UTS information in the kernel.
According to glibc implementation, getdomainname() pulls the domain name
from uname() syscall:
https://sourceware.org/git/?p=glibc.git;a=blob;f=misc/getdomain.c;h=09bb3b0e2cc214b406387294ad90b3c01e2d9a71;hb=HEAD
where 'domainname' is GNU extension. It represents a name of the domain
this host belongs to. Note that the domain name itself is not a DNS
domain name as it represents a higher abstraction level entity which can
be roughly mapped to a whole IPA or AD domain. This is how we actually
are using it in FreeIPA.
Someone has to set the domain name upon startup. So far, only
nisdomainname tool was doing that. If that is removed, then SUDO will
definitely break.
This does not require presence of NIS infrastructure but does require
properly configured NIS domain name on each client. Which means we must be
able to continue configuring NIS domain name.
== Contingency Plan ==
* Contingency mechanism: Unretire the packages and build them for Fedora
36.
* Contingency deadline: At beta freeze.
* Blocks release? Yes.
== Documentation ==
The documentation about those utility programs should be dropped, if
there even is any.
== Release Notes ==
The NIS(+) user-space utility programs have been removed from the
distribution.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On Thu, Oct 21, 2021 at 9:38 PM Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
>
>
> == Summary ==
>
> This change is about retiring the ypbind, yp-tools, and ypserv
> packages, and removal of the {nis,yp}domainname user-space utility
> programs from the hostname package.
>
>
> == Owner ==
>
> * Name: [[User:besser82 | Björn Esser]]
> * Email: besse...@fedoraproject.org
>
>
> == Detailed Description ==
> Those utility programs used to be present on virtually any UNIX system
> for decades, but are starting to become more and more deprecated.
> Also NIS(+) is known for not being secure at all. As we are going to
> [https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM
> remove the support for NIS(+) in PAM] during this development cycle,
> we also should get rid of those.
>
>
> == Feedback ==
> There was some discussion on
> [
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/
> the fedora-devel mailing-list]. Some people are reluctant about the
> removal of NIS(+) user-space support, while most are okay with it as
> there are more secure alternatives (LDAP, FreeIPA, etc.) available.
> The FPL is +1 on doing so.
>
>
> == Benefit to Fedora ==
> With this change we start directing our users and developers to move
> away from NIS(+) to secure alternatives like LDAP and/or FreeIPA.
>
>
> == Scope ==
> * Proposal owners:
> ** Retire the ypbind, yp-tools, and ypserv packages from Fedora.
>
Have you talked with the maintainers of these packages at all? I can't
recall if any of them replied in the RFC thread before, but it would be (in
my opinion) very bad form to retire a package without asking for the
maintainer's input and opinions.
(It might even be good to get one of/some of the maintainers as change
owners on this proposal as well to show they are involved in this).
-Ian
> ** Remove the {nis,yp}domainname user-space utility programs from the
> hostname package.
> * Other developers:
> ** Test this change.
> * Release engineering: [https://pagure.io/releng/issue/10352 #10352]
> * Policies and guidelines: N/A (not needed for this Change)
> * Trademark approval: N/A (not needed for this Change)
> * Alignment with Objectives: N/A
>
>
> == Upgrade/compatibility impact ==
> Users that were relying on support for NIS(+) will need to move to
> secure alternatives like LDAP and/or FreeIPA.
>
>
> == How To Test ==
> Check whether the named utility programs are still installed on your
> system after upgrading. If they are gone, everything is fine.
>
>
> == User Experience ==
> For some users this change may be a bit disruptive and it may require
> some learning curve for switching to alternative solutions.
>
>
> == Dependencies ==
> There are actually no external dependencies.
>
>
> == Contingency Plan ==
> * Contingency mechanism: Unretire the packages and build them for Fedora
> 36.
> * Contingency deadline: At beta freeze.
> * Blocks release? Yes.
>
>
> == Documentation ==
> The documentation about those utility programs should be dropped, if
> there even is any.
>
>
> == Release Notes ==
> The NIS(+) user-space utility programs have been removed from the
> distribution.
>
>
> --
> Ben Cotton
> He / Him / His
> Fedora Program Manager
> Red Hat
> TZ=America/Indiana/Indianapolis
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
== Summary ==
This change is about retiring the ypbind, yp-tools, and ypserv
packages, and removal of the {nis,yp}domainname user-space utility
programs from the hostname package.
== Owner ==
* Name: [[User:besser82 | Björn Esser]]
* Email: besse...@fedoraproject.org
== Detailed Description ==
Those utility programs used to be present on virtually any UNIX system
for decades, but are starting to become more and more deprecated.
Also NIS(+) is known for not being secure at all. As we are going to
[https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM
remove the support for NIS(+) in PAM] during this development cycle,
we also should get rid of those.
== Feedback ==
There was some discussion on
[https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/
the fedora-devel mailing-list]. Some people are reluctant about the
removal of NIS(+) user-space support, while most are okay with it as
there are more secure alternatives (LDAP, FreeIPA, etc.) available.
The FPL is +1 on doing so.
== Benefit to Fedora ==
With this change we start directing our users and developers to move
away from NIS(+) to secure alternatives like LDAP and/or FreeIPA.
== Scope ==
* Proposal owners:
** Retire the ypbind, yp-tools, and ypserv packages from Fedora.
** Remove the {nis,yp}domainname user-space utility programs from the
hostname package.
* Other developers:
** Test this change.
* Release engineering: [https://pagure.io/releng/issue/10352 #10352]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: N/A
== Upgrade/compatibility impact ==
Users that were relying on support for NIS(+) will need to move to
secure alternatives like LDAP and/or FreeIPA.
== How To Test ==
Check whether the named utility programs are still installed on your
system after upgrading. If they are gone, everything is fine.
== User Experience ==
For some users this change may be a bit disruptive and it may require
some learning curve for switching to alternative solutions.
== Dependencies ==
There are actually no external dependencies.
== Contingency Plan ==
* Contingency mechanism: Unretire the packages and build them for Fedora 36.
* Contingency deadline: At beta freeze.
* Blocks release? Yes.
== Documentation ==
The documentation about those utility programs should be dropped, if
there even is any.
== Release Notes ==
The NIS(+) user-space utility programs have been removed from the distribution.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
___
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
== Summary ==
This change is about retiring the ypbind, yp-tools, and ypserv
packages, and removal of the {nis,yp}domainname user-space utility
programs from the hostname package.
== Owner ==
* Name: [[User:besser82 | Björn Esser]]
* Email: besse...@fedoraproject.org
== Detailed Description ==
Those utility programs used to be present on virtually any UNIX system
for decades, but are starting to become more and more deprecated.
Also NIS(+) is known for not being secure at all. As we are going to
[https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM
remove the support for NIS(+) in PAM] during this development cycle,
we also should get rid of those.
== Feedback ==
There was some discussion on
[https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/
the fedora-devel mailing-list]. Some people are reluctant about the
removal of NIS(+) user-space support, while most are okay with it as
there are more secure alternatives (LDAP, FreeIPA, etc.) available.
The FPL is +1 on doing so.
== Benefit to Fedora ==
With this change we start directing our users and developers to move
away from NIS(+) to secure alternatives like LDAP and/or FreeIPA.
== Scope ==
* Proposal owners:
** Retire the ypbind, yp-tools, and ypserv packages from Fedora.
** Remove the {nis,yp}domainname user-space utility programs from the
hostname package.
* Other developers:
** Test this change.
* Release engineering: [https://pagure.io/releng/issue/10352 #10352]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: N/A
== Upgrade/compatibility impact ==
Users that were relying on support for NIS(+) will need to move to
secure alternatives like LDAP and/or FreeIPA.
== How To Test ==
Check whether the named utility programs are still installed on your
system after upgrading. If they are gone, everything is fine.
== User Experience ==
For some users this change may be a bit disruptive and it may require
some learning curve for switching to alternative solutions.
== Dependencies ==
There are actually no external dependencies.
== Contingency Plan ==
* Contingency mechanism: Unretire the packages and build them for Fedora 36.
* Contingency deadline: At beta freeze.
* Blocks release? Yes.
== Documentation ==
The documentation about those utility programs should be dropped, if
there even is any.
== Release Notes ==
The NIS(+) user-space utility programs have been removed from the distribution.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
