[Freeipa-devel] [PATCHES] 91-92 Add support for RFC 6594 SSHFP DNS records

[Jan Cholasta]

On 31.1.2013 19:59, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> On 23.1.2013 23:45, Rob Crittenden wrote:
>>> Jan Cholasta wrote:
>>>> On 10.1.2013 05:56, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> Patch 91 removes module ipapython.compat. The code that uses it
>>>>> doesn't
>>>>> work with ancient Python versions anyway, so there's no need to
>>>>> keep it
>>>>> around.
>>>>>
>>>>> Patch 92 adds support for automatic generation of RFC 6594 SSHFP DNS
>>>>> records to ipa-client-install and host plugin, as described in
>>>>> <http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records>. Note that
>>>>> <https://fedorahosted.org/freeipa/ticket/2642#comment:7> still
>>>>> applies.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2642
>>>>>
>>>>> Honza
>>>>>
>>>>
>>>> Self-NACK, forgot to actually remove ipapython/compat.py in the first
>>>> patch. Also removed an unnecessary try block from the second patch.
>>>>
>>>> Honza
>>>
>>> These look good. I'm a little concerned about the magic numbers in the
>>> SSHFP code. I know these come from the RFCs. Can you add a comment there
>>> so future developers know where the values for key type and fingerprint
>>> type come from?
>>>
>>> rob
>>
>> Comment added.
>>
>
> Sorry, I just noticed that this is an RFE and there is no design page.
> Can you write one up real quick, then I'll push both.

Umm.. yes there is, it is linked in the first message of this thread: 
<http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records>.

>
> I went back and forth a few times on whether we should have a ticket on
> the dropping of compat, if only to codify that we're giving up an python
> 2.6, but since this has been a given for a while I think we're ok.

It's Python 2.5 that we are giving up on, not Python 2.6. In fact, we 
already gave up on it, our code does not work with it even if we keep 
compat in (we use some Python features which are not available in 2.5).

>
> rob

Honza

-- 
Jan Cholasta