Release Meeting Minutes/2013-04-23
Will Fiveash, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
- Günther had a few new packages for pkgconfig
- Relatedly, what subpackages should we have for CPE purposes?
- KDC (including kadmin), app server, client.
- krb5-1.9.5 EOL release for krb5-1.9, unless strong objections.
Simo has concerns about backports of security patches. Tom clarifies that we'll patch master, and can backport patches if requested (where they don't apply cleanly to older releases). We'll still handle vulnerabilities specific to unsupported releases, but won't issue new patch releases. We would generally issue patches and check patches into the release branch without intending to make a formal patch release.
- Clarify documentation about meaning of supported releases
- Audit -- translate numbers to strings?
- Dmitri suggested strings only.
- Better type safety.
Some discussion. All strings means some plugin authors would have to do more work. Also complicates memory management in the audit code paths in the KDC.
- TGS-REQ second ticket means another layer of messages.
- Could split into multiple audit events, correlate by hash of request or something.