[Freeipa-devel] [PATCHES] 91-92 Add support for RFC 6594 SSHFP DNS records

Rob Crittenden rcritten at redhat.com
Thu Jan 31 18:59:08 UTC 2013


Jan Cholasta wrote:
> On 23.1.2013 23:45, Rob Crittenden wrote:
>> Jan Cholasta wrote:
>>> On 10.1.2013 05:56, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> Patch 91 removes module ipapython.compat. The code that uses it doesn't
>>>> work with ancient Python versions anyway, so there's no need to keep it
>>>> around.
>>>>
>>>> Patch 92 adds support for automatic generation of RFC 6594 SSHFP DNS
>>>> records to ipa-client-install and host plugin, as described in
>>>> <http://freeipa.org/page/V3/RFC_6594_SSHFP_DNS_records>. Note that
>>>> <https://fedorahosted.org/freeipa/ticket/2642#comment:7> still applies.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2642
>>>>
>>>> Honza
>>>>
>>>
>>> Self-NACK, forgot to actually remove ipapython/compat.py in the first
>>> patch. Also removed an unnecessary try block from the second patch.
>>>
>>> Honza
>>
>> These look good. I'm a little concerned about the magic numbers in the
>> SSHFP code. I know these come from the RFCs. Can you add a comment there
>> so future developers know where the values for key type and fingerprint
>> type come from?
>>
>> rob
>
> Comment added.
>

Sorry, I just noticed that this is an RFE and there is no design page. 
Can you write one up real quick, then I'll push both.

I went back and forth a few times on whether we should have a ticket on 
the dropping of compat, if only to codify that we're giving up an python 
2.6, but since this has been a given for a while I think we're ok.

rob




More information about the Freeipa-devel mailing list