Re: Preparing for the Heimdal 7 Release

2016-10-19 Thread Quanah Gibson-Mount 
--On Wednesday, October 19, 2016 4:52 PM -0400 "Roland C. Dowdeswell" 
 wrote:



And, again, we aren't quite finished.  Organizations and
individuals wishing to submit changes to Heimdal for this
release are encouraged to do so no later than 1 November 2016.


I raised this ticket at the end of March.  While I don't have any patches 
for it, I am hoping someone does, or has the time to take care of it. 
Without this being fixed, Heimdal is incompatible with the default Kerbeors 
setups on RHEL out of the box:




Thanks,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: Preparing for the Heimdal 7 Release

2016-10-19 Thread Jeffrey Hutzelman 
On Wed, 2016-10-19 at 13:02 -0700, Russ Allbery wrote:
> January 5th is the soft freeze, beyond which new packages cannot be
> introduced into Debian stretch.  This is probably the last possible date
> for Heimdal 7 making it into the next Debian stable release.  If there is
> no stable release of Heimdal (with security support) by this point, and
> more realistically several weeks prior to this for people to package it
> (assuming the Heimdal packaging team in Debian is still willing to package
> Heimdal), Debian stable will ship without Heimdal.

I'd really like to avoid that happening.  Last I checked, Heimdal was
being maintained in Debian by Brian May.  If he's no longer interested
in doing so, and assuming we can get a stable release in a timely
fashion, I can probably scare up some cycles to get the packaging in
shape.  Someone else will have to do the uploads, though...

-- Jeff

Preparing for the Heimdal 7 Release

2016-10-19 Thread Roland C. Dowdeswell 
Dear Heimdal Community,

A team consisting of staff from Two Sigma Open Source and AuriStor
is starting the release process for Heimdal version 7.  We have
changed the version of the master branch to 6.99.1 which will be
considered our beta.  During the beta period, we will be fixing
remaining issues.  In addition, we are asking for the community
to submit any final patches or bug reports before the 1st of
November.

We expect to publish the first release candidate on or near the
11th of November.


Why 7?

We are adopting a new versioning scheme.

o  Each feature release will have a new major number.

o  The minor will be a patch level.  A value of 0 is
   reserved for release candidates.  A value of 99 is
   reserved for development.

o  Stable releases will not have a micro number.

o  Micro numbers will be incremented in release candidates
   and development as needed.

For example, the first release candidate will be 7.0.1.  The next
7.0.2, then 7.0.3, etc.  When the final release candidate is
deemed production quality, it will be renumbered as 7.1.
All bug fixes will then be 7.2, 7.3, etc.

New development for Heimdal 8 will be 7.99.1, 7.99.2, 7.99.3, etc.

When the next feature release is issued its version number will
start with 8.0.1 as the first release candidate and the first
release will be 8.1.


What will be in 7?

We have a lot of major improvements since our last official
release, including:

o  hcrypto is now thread safe on all platforms and
   as much as possible hcrypto now uses the operating
   system's preferred crypto implementation ensuring
   that optimized hardware assisted implementations of
   AES-NI are used.

o  RFC 6113 Generalized Framework for Kerberos
   Pre-Authentication (FAST).

o  iprop has been revamped to fix a number of race
   conditions that could lead to inconsistent replication.

o  The KDC process now uses a multi-process model improving
   resiliency and performance.

o  AES Encryption with HMAC-SHA2 for Kerberos 5
   draft-ietf-kitten-aes-cts-hmac-sha2-11


For a more detailed list of changes please see:

https://github.com/heimdal/heimdal/blob/master/NEWS

which contains a bullet point summary of the major security,
feature and bug fix changes that have been applied to the Heimdal
source tree over the last four years since the release of 1.5.3.

The list is currently not complete and we will be reviewing the
git log to add features and bug fixes to the list before we make
the final release.

We expect that the ABI for libgssapi and libkrb5 will be unchanged
from the prior release (1.5.3).  If any differences are discovered
during the release process, we will then fix them if practical
or document the differences in the release notes.

And, again, we aren't quite finished.  Organizations and
individuals wishing to submit changes to Heimdal for this
release are encouraged to do so no later than 1 November 2016.


The release process:

Each release candidate will be given two weeks for testing
and usability feedback.  If a serious bug is uncovered during
the review period then a new release candidate will be issued
once the bug has been fixed.  If after two weeks from candidate
release no new showstopping bugs are uncovered, then the release
candidate will be declared final.

-- 
Roland C. Dowdeswell