Hi all, Pursuant to recent discussions, here is a draft design[1] that formalises and (as of initial draft) proposes some changes to FreeIPA's certificate revocation behaviours.
Nothing is set in stone. Every change is up for debate. There are some open questions (search for **TODO** and **QUESTION** in the document). The general idea is to eliminate inconsistency, redundancy, potential confusion, and command complexity in how revocation is handled in IPA, so that the commands and behaviours are easy for operators to understand. With the creation of this design proposal and the corresponding ticket[2], the ticket and PR[3][4] that began the recent discussion have been closed. [1] https://www.freeipa.org/page/V4/Certificate_revocation_behaviour_standardisation [2] https://pagure.io/freeipa/issue/7580 [3] https://pagure.io/freeipa/issue/7482 [4] https://github.com/freeipa/freeipa/pull/1915 Thanks, Fraser _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/YAUOIGJNDLER5SYSNFXPKMK4NWOJH7K6/