[Freeipa-devel] Proposed changes to the HBAC grammar

Simo Sorce ssorce at redhat.com
Wed Nov 17 22:06:16 UTC 2010


On Wed, 17 Nov 2010 16:51:12 -0500
Adam Young <ayoung at redhat.com> wrote:

> Since we are so close to deadline on this, I suspect we should go
> with something as straightforward as this, and expand it post release.

Expanding post release would be an ABI change, not feasible.
Remember that *clients* need to interpret this, that's why we defined
the grammar so much in advance.

Once released it is basically unchangeable.
So incremental doesn't work here, unless you have a way to tell how
client should behave when they do not understand what they are
receiving, and the only answer I see in that case is that they will
behave *badly* (ie the only option they have is to deny always).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list