Karl, thank you for the detailed writeup? This looks very useful. I'll leave Marco to respond as he drove the change in question, but a couple of less technical comments:
On Thu, Mar 18, 2021 at 01:16:28AM -0000, Karl Grindley wrote: > I don't discourage this change, in fact, will help push along the MFA > adoption. [I rearranged ordering of your sentences a bit for context] > I'd also suggest that MFA support in general should be considered a core > requirement for future versions of the LTS, and well tested, supported > and documented. Adoption will only grow with time, and become more > critical. This will help reduce the variations of implementations, and > help drive folks to a known and supported configuration. Thank you for the support! I believe this was exactly Marco's intention. > However, I think perhaps some preflight checks in the package could > solve someone bricking their machine. (or a large quantity of machines). It sounds to me that there's some scope for improvement then, if that can be figured out between you and Marco, and that a revert isn't required. So to ensure there's no misunderstanding about expectations about this bug, the way I see it now is that we're going to keep what we have. Marco will (presumably) consider your suggestion and that might lead to a further upload to add some further sanity checks depending on how the details pan out. We can use this bug to track and communicate about that. Does that work for everyone? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919563 Title: updated sssd with smart cards now brick systems without full cert chain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1919563/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
