Antw: Re: OpenLDAP 2.5 plans and community engagement

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

>>> Michael Ströder <michael@stroeder.com> schrieb am 09.08.2019 um 08:00 in
Nachricht <c682ab67-5216-0bc4-d4fa-5ca85e2e8372@stroeder.com>:
> On 8/9/19 1:47 AM, Quanah Gibson-Mount wrote:
>> --On Wednesday, August 7, 2019 8:08 AM -0400 David Magda
>> <dmagda@ee.ryerson.ca> wrote:
>> I.e., 'providing' a build of OpenLDAP has a number of complexities.
> 
> Full ack.
> 
> It's really hard to decide what is needed in a package.
> 
> Linux distributions tend to enable all features to please everybody. But
> for highly secured systems it is mandatory to disable unneeded
> functionality. E.g. I'm maintaining the full-featured builds for
> openSUSE but personally I'm using stripped down builds without all
> deprecated backends.
> 
> Also Linux distros implement pseudo config management in there packages
> which trys to create a default config. Mostly this defeats serious
> deployments using a decent config management. I saw production systems
> break after a "yum update" or "apt-get upgrade" because of overzealous
> package post installation tasks.

Yes, we also run an installation on SLES that the SLES configuration tool
(yast) cannot handle any more...

> 
>>>> 2015 had a lot of serious bugs in its release, the releases were rushed,
>>>> and the result of rushing was bad.  I don't think 2015 is a "good"
>>>> example of how things should be done.
>>>
>>> That is an argument for timed releases.
>> 
>> I fail to see how that's the case.
> 
> Me too. Especially because timed releases can also lead to some kind of
> rush before the release date.
> 
>> What I see is that we need to:
>> a) Ensure we have CI/CD
>> and
>> b) Better/expanded test cases & databases to validate against
>> and
>> c) more participation from the community in testing/validating new
>> features and code fixes.
> 
> Again, full ack here.
> 
> Ciao, Michael.