[Freeipa-devel] [PATCH] 252 Add the CA constraint to the self-signed CA we generate
Dmitri Pal
dpal at redhat.com
Thu Aug 27 22:54:53 UTC 2009
David O'Brien wrote:
> Simo Sorce wrote:
>> On Mon, 2009-08-17 at 09:59 -0400, Rob Crittenden wrote:
>>
>>> This patch is for the ipa-1-2 branch. It adds the CA constraint to
>>> the self-signed CA we generate. Otherwise FF 3.5+ won't talk to an
>>> IPA-generated web cert. This should resolve bug 514027.
>>>
>>
>> Ack.
>>
>> Simo.
>>
>>
> I'm not sure how to treat this. The Release Notes for freeIPA 1.2 only
> listed FF 1.5, 2.0, and 3.0 as supported versions. Should I update the
> Release Notes to include 3.5+? Should we just post something on
> freeipa.org as "News"? What happens when FF 4.0 comes out and (maybe)
> the problem reappears?
>
> This sounds like a dumb question but I just haven't come across it
> before :-\
>
> Thanks.
>
Well, I am not sure either but with the model OSS has it seems that we
are on hook with fixing cases like this if a newer version of something
we rely upon breaks us.
In case of this bug it is pure our bug that was obscured by bug in FF.
Now when FF fixed their bug we should fix ours.
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list