Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On 21. 10. 21 22:37, Ben Cotton wrote: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils == Summary == This change is about retiring the ypbind, yp-tools, and ypserv packages, and removal of the {nis,yp}domainname user-space utility programs from the hostname package... Possibly stupid question, but I am really confused by what "NIS" is in packaging terms. In EL 9, we added this to Python: "Build without the legacy nis module" https://gitlab.com/redhat/centos-stream/rpms/python3.9/-/merge_requests/1/ It removes the dependency on libnsl2 and libtirpc. However neither is listed in this change proposal. Would we remove the nis Python module on Fedora as well, or not? -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On pe, 22 loka 2021, Ian McInerney via devel wrote: On Thu, Oct 21, 2021 at 9:38 PM Ben Cotton wrote: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils == Summary == This change is about retiring the ypbind, yp-tools, and ypserv packages, and removal of the {nis,yp}domainname user-space utility programs from the hostname package. == Owner == * Name: [[User:besser82 | Björn Esser]] * Email: besse...@fedoraproject.org == Detailed Description == Those utility programs used to be present on virtually any UNIX system for decades, but are starting to become more and more deprecated. Also NIS(+) is known for not being secure at all. As we are going to [https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM remove the support for NIS(+) in PAM] during this development cycle, we also should get rid of those. == Feedback == There was some discussion on [ https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/ the fedora-devel mailing-list]. Some people are reluctant about the removal of NIS(+) user-space support, while most are okay with it as there are more secure alternatives (LDAP, FreeIPA, etc.) available. The FPL is +1 on doing so. == Benefit to Fedora == With this change we start directing our users and developers to move away from NIS(+) to secure alternatives like LDAP and/or FreeIPA. == Scope == * Proposal owners: ** Retire the ypbind, yp-tools, and ypserv packages from Fedora. Have you talked with the maintainers of these packages at all? I can't recall if any of them replied in the RFC thread before, but it would be (in my opinion) very bad form to retire a package without asking for the maintainer's input and opinions. (It might even be good to get one of/some of the maintainers as change owners on this proposal as well to show they are involved in this). -Ian ** Remove the {nis,yp}domainname user-space utility programs from the hostname package. * Other developers: ** Test this change. * Release engineering: [https://pagure.io/releng/issue/10352 #10352] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: N/A == Upgrade/compatibility impact == Users that were relying on support for NIS(+) will need to move to secure alternatives like LDAP and/or FreeIPA. == How To Test == Check whether the named utility programs are still installed on your system after upgrading. If they are gone, everything is fine. == User Experience == For some users this change may be a bit disruptive and it may require some learning curve for switching to alternative solutions. == Dependencies == There are actually no external dependencies. This is not correct at all. FreeIPA does depend on nisdomainname utility (part of hostname package). SUDO depends on the correct value returned from getdomainname() in order to support netgroups in LDAP-stored SUDO rules. Same rules are implemented by FreeIPA and SSSD. However, I think this is *not* deprecated technology question. Domain name information is the part of UTS information in the kernel. According to glibc implementation, getdomainname() pulls the domain name from uname() syscall: https://sourceware.org/git/?p=glibc.git;a=blob;f=misc/getdomain.c;h=09bb3b0e2cc214b406387294ad90b3c01e2d9a71;hb=HEAD where 'domainname' is GNU extension. It represents a name of the domain this host belongs to. Note that the domain name itself is not a DNS domain name as it represents a higher abstraction level entity which can be roughly mapped to a whole IPA or AD domain. This is how we actually are using it in FreeIPA. Someone has to set the domain name upon startup. So far, only nisdomainname tool was doing that. If that is removed, then SUDO will definitely break. This does not require presence of NIS infrastructure but does require properly configured NIS domain name on each client. Which means we must be able to continue configuring NIS domain name. == Contingency Plan == * Contingency mechanism: Unretire the packages and build them for Fedora 36. * Contingency deadline: At beta freeze. * Blocks release? Yes. == Documentation == The documentation about those utility programs should be dropped, if there even is any. == Release Notes == The NIS(+) user-space utility programs have been removed from the distribution. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it:
Re: F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
On Thu, Oct 21, 2021 at 9:38 PM Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils > > > == Summary == > > This change is about retiring the ypbind, yp-tools, and ypserv > packages, and removal of the {nis,yp}domainname user-space utility > programs from the hostname package. > > > == Owner == > > * Name: [[User:besser82 | Björn Esser]] > * Email: besse...@fedoraproject.org > > > == Detailed Description == > Those utility programs used to be present on virtually any UNIX system > for decades, but are starting to become more and more deprecated. > Also NIS(+) is known for not being secure at all. As we are going to > [https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM > remove the support for NIS(+) in PAM] during this development cycle, > we also should get rid of those. > > > == Feedback == > There was some discussion on > [ > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/ > the fedora-devel mailing-list]. Some people are reluctant about the > removal of NIS(+) user-space support, while most are okay with it as > there are more secure alternatives (LDAP, FreeIPA, etc.) available. > The FPL is +1 on doing so. > > > == Benefit to Fedora == > With this change we start directing our users and developers to move > away from NIS(+) to secure alternatives like LDAP and/or FreeIPA. > > > == Scope == > * Proposal owners: > ** Retire the ypbind, yp-tools, and ypserv packages from Fedora. > Have you talked with the maintainers of these packages at all? I can't recall if any of them replied in the RFC thread before, but it would be (in my opinion) very bad form to retire a package without asking for the maintainer's input and opinions. (It might even be good to get one of/some of the maintainers as change owners on this proposal as well to show they are involved in this). -Ian > ** Remove the {nis,yp}domainname user-space utility programs from the > hostname package. > * Other developers: > ** Test this change. > * Release engineering: [https://pagure.io/releng/issue/10352 #10352] > * Policies and guidelines: N/A (not needed for this Change) > * Trademark approval: N/A (not needed for this Change) > * Alignment with Objectives: N/A > > > == Upgrade/compatibility impact == > Users that were relying on support for NIS(+) will need to move to > secure alternatives like LDAP and/or FreeIPA. > > > == How To Test == > Check whether the named utility programs are still installed on your > system after upgrading. If they are gone, everything is fine. > > > == User Experience == > For some users this change may be a bit disruptive and it may require > some learning curve for switching to alternative solutions. > > > == Dependencies == > There are actually no external dependencies. > > > == Contingency Plan == > * Contingency mechanism: Unretire the packages and build them for Fedora > 36. > * Contingency deadline: At beta freeze. > * Blocks release? Yes. > > > == Documentation == > The documentation about those utility programs should be dropped, if > there even is any. > > > == Release Notes == > The NIS(+) user-space utility programs have been removed from the > distribution. > > > -- > Ben Cotton > He / Him / His > Fedora Program Manager > Red Hat > TZ=America/Indiana/Indianapolis > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils == Summary == This change is about retiring the ypbind, yp-tools, and ypserv packages, and removal of the {nis,yp}domainname user-space utility programs from the hostname package. == Owner == * Name: [[User:besser82 | Björn Esser]] * Email: besse...@fedoraproject.org == Detailed Description == Those utility programs used to be present on virtually any UNIX system for decades, but are starting to become more and more deprecated. Also NIS(+) is known for not being secure at all. As we are going to [https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM remove the support for NIS(+) in PAM] during this development cycle, we also should get rid of those. == Feedback == There was some discussion on [https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/ the fedora-devel mailing-list]. Some people are reluctant about the removal of NIS(+) user-space support, while most are okay with it as there are more secure alternatives (LDAP, FreeIPA, etc.) available. The FPL is +1 on doing so. == Benefit to Fedora == With this change we start directing our users and developers to move away from NIS(+) to secure alternatives like LDAP and/or FreeIPA. == Scope == * Proposal owners: ** Retire the ypbind, yp-tools, and ypserv packages from Fedora. ** Remove the {nis,yp}domainname user-space utility programs from the hostname package. * Other developers: ** Test this change. * Release engineering: [https://pagure.io/releng/issue/10352 #10352] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: N/A == Upgrade/compatibility impact == Users that were relying on support for NIS(+) will need to move to secure alternatives like LDAP and/or FreeIPA. == How To Test == Check whether the named utility programs are still installed on your system after upgrading. If they are gone, everything is fine. == User Experience == For some users this change may be a bit disruptive and it may require some learning curve for switching to alternative solutions. == Dependencies == There are actually no external dependencies. == Contingency Plan == * Contingency mechanism: Unretire the packages and build them for Fedora 36. * Contingency deadline: At beta freeze. * Blocks release? Yes. == Documentation == The documentation about those utility programs should be dropped, if there even is any. == Release Notes == The NIS(+) user-space utility programs have been removed from the distribution. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis ___ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Change: Retire the NIS(+) user-space utility programs (System-Wide Change proposal)
https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils == Summary == This change is about retiring the ypbind, yp-tools, and ypserv packages, and removal of the {nis,yp}domainname user-space utility programs from the hostname package. == Owner == * Name: [[User:besser82 | Björn Esser]] * Email: besse...@fedoraproject.org == Detailed Description == Those utility programs used to be present on virtually any UNIX system for decades, but are starting to become more and more deprecated. Also NIS(+) is known for not being secure at all. As we are going to [https://fedoraproject.org/wiki/Changes/drop_NIS_support_from_PAM remove the support for NIS(+) in PAM] during this development cycle, we also should get rid of those. == Feedback == There was some discussion on [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/T662DD2FD3YNPTVTOPCYFQRSOQCJWCSZ/ the fedora-devel mailing-list]. Some people are reluctant about the removal of NIS(+) user-space support, while most are okay with it as there are more secure alternatives (LDAP, FreeIPA, etc.) available. The FPL is +1 on doing so. == Benefit to Fedora == With this change we start directing our users and developers to move away from NIS(+) to secure alternatives like LDAP and/or FreeIPA. == Scope == * Proposal owners: ** Retire the ypbind, yp-tools, and ypserv packages from Fedora. ** Remove the {nis,yp}domainname user-space utility programs from the hostname package. * Other developers: ** Test this change. * Release engineering: [https://pagure.io/releng/issue/10352 #10352] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: N/A == Upgrade/compatibility impact == Users that were relying on support for NIS(+) will need to move to secure alternatives like LDAP and/or FreeIPA. == How To Test == Check whether the named utility programs are still installed on your system after upgrading. If they are gone, everything is fine. == User Experience == For some users this change may be a bit disruptive and it may require some learning curve for switching to alternative solutions. == Dependencies == There are actually no external dependencies. == Contingency Plan == * Contingency mechanism: Unretire the packages and build them for Fedora 36. * Contingency deadline: At beta freeze. * Blocks release? Yes. == Documentation == The documentation about those utility programs should be dropped, if there even is any. == Release Notes == The NIS(+) user-space utility programs have been removed from the distribution. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure