Re: [Bug 1905790] Re: Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support for p11_child
>> Soo... Given we prefer to stay conservative and not change SSSD crypto
>
> I didn't say that!

I know, I'm not saying that you took a decision on that but I was speaking in plural form as I recognize what you say in the sense that indeed there may be cases which we don't think of that we could break.

>> backend fully (to be clear, I would have preferred it to follow
>> upstream, not to provide a solution that will change in next LTS no
>> matter what, and avoid having "frankensteins", but wasn't a strong
>> requirement for me) I've been exploring ways to get only the component
>> we care (p11_child) to use p11-kit and openssl.
>
> This is certainly a valuable angle to look at - thanks!
>
>> Robie, this would be better SRU approach?
>
> I think you misunderstand me. I'm not saying that your upload *has* to
> be narrow. I've not formed an opinion on that yet. What I'm saying is that
> whatever size of scope you choose, there must be a regression analysis
> that covers that scope.

I understood this, reason why I thought that, given we have the chance to make it a narrower scope, then I tried to get that done.

> But the analysis is still necessary and must not be skipped.

Sure, not trying to do that, I'm just saying that I can't cover all the cases myself.

> I appreciate that sometimes it's harder or riskier to narrow the scope,
> so I'm still open to widening the scope - *if* there is an appropriate
> justification *and* full regression analysis of that wider scope
> provided.

Problem is that I'm quite sure we can't cover all the cases in such a complicated piece of software that may be configured in so many ways. Thus the reason I thought narrowing the scope was a better idea.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905790

Title:
  Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1905790/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1905790] Re: Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support for p11_child
On Wed, Dec 02, 2020 at 03:29:43AM -, Marco Trevisan (Treviño) wrote:
> Soo... Given we prefer to stay conservative and not change SSSD crypto

I didn't say that!

> backend fully (to be clear, I would have preferred it to follow
> upstream, not to provide a solution that will change in next LTS no
> matter what, and avoid having "frankensteins", but wasn't a strong
> requirement for me) I've been exploring ways to get only the component
> we care (p11_child) to use p11-kit and openssl.

This is certainly a valuable angle to look at - thanks!

> Robie, this would be better SRU approach?

I think you misunderstand me. I'm not saying that your upload *has* to be narrow. I've not formed an opinion on that yet. What I'm saying is that whatever size of scope you choose, there must be a regression analysis that covers that scope.

If you take a wide scope, then I expect a regression analysis to cover what I feel are the obvious possible implications of that change. By nature of it being wider, the regression analysis can be expected to be more work, of course. Because a wider scope generally correlates with increased regression risk, I'd also expect a justification of why the narrow scope is less desirable. But the analysis is still necessary and must not be skipped.

If you take a narrow scope, then that's correlated with lower regression risk, and because a regression analysis would be narrower in scope to match, it might well be less work.

I appreciate that sometimes it's harder or riskier to narrow the scope, so I'm still open to widening the scope - *if* there is an appropriate justification *and* full regression analysis of that wider scope provided.