https://k5wiki.kerberos.org/w/api.php?action=feedcontributions&user=Lxs&feedformat=atomK5Wiki - User contributions [en]2024-03-29T06:04:55ZUser contributionsMediaWiki 1.27.4https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-09-09&diff=499Release Meeting Minutes/2008-09-092008-09-09T18:40:28Z<p>Lxs: </p>
<hr />
<div>'''Meeting Notes 2008-9-9'''<br />
<br />
Attendees: Will, Tom, Alexis, Ken, Zhanna, Justin<br />
<br />
<br />
Tom: Project proposal?<br />
<br />
Will: Got some comments from Love and others.<br />
<br />
Tom: Key rollover to application servers? Adding support for issuing new keys to application server for the service principal.<br />
<br />
Will: Didn't make it into design. Can go back and try to add that functionality. Updating service keys.<br />
<br />
Tom: Want to have an inactive service key to distribute and then activate it at some point.<br />
<br />
Will: Run kadmin on a server and ktadd. Generates new keys on the KDC and keytab. What's the scenario in this case?<br />
<br />
Tom: If you have a service using a single service principal on multiple hosts. Want to create a new key and mark it as inactive. Distribute it to all the servers and once all the servers have it, mark it as active. AFS and some other Kerberized servers use the same key for all servers. Not the best way of using service keys but is needed in some circumstances.<br />
<br />
Will: Similar to master key rollover.<br />
<br />
Tom: Want to use mechanism for master key rollover for application service keys.<br />
<br />
Will: Send a review comment. Not going to have time to implement it, but would like to accomodate it.<br />
<br />
Tom: Updates. Will do you have anything extra?<br />
<br />
Will: Received Tom and Ken's comment on checklist. Will update and send out revised version. Next step: post on wiki as example?<br />
<br />
Tom: Yup.<br />
<br />
Will: Some other points that have come up would be more appropriate in process documentation.<br />
<br />
Justin: Working on KIM UI.<br />
<br />
Zhanna: Finishing up rcache project. Gearing up for new project.<br />
<br />
Ken: ASN.1 code<br />
<br />
Alexis: KIM library stuff. Cleaning up error handling and threads support.<br />
<br />
Tom: Apple loose ends. Client side principal referrals code. walk_rtree code. <br />
<br />
<br />
Tom: Would like to make this more of a development meeting. Not just about next release but also also big goals. Short term goals: KIM, iprop, master key rollover, etc. Mid to long term goals should be architectural goals. Behind on keeping architecture and design clean. What do people think are the code problems? What get in the way the most?<br />
<br />
Code problems (from team):<br />
<br />
*Lack of consistent C style (indenting, tab width, etc)<br />
*Not enough comments<br />
*Code duplication<br />
*Redundant macros and definitions<br />
*Too many warnings<br />
*Cross-platform test suite<br />
*Nightly builds and tests<br />
<br />
<br />
Will: Sun has been looking at what it would take to make the MIT source base as a drop-in. Can pass along report to MIT when work is completed. (eg: Debug logging, Internationalization support, kernel support, etc)<br />
<br />
Tom: For fixing we were thinking of fixing indentation all at once.<br />
<br />
Alexis: Indentation inconsistency gives people a bad first impression. So while it's probably a very minor thing it has a big impact in developer happiness. Doing it all at once means that developers have a clear idea of what code should look like just by looking at the code.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-09-09&diff=498Release Meeting Minutes/2008-09-092008-09-09T18:39:58Z<p>Lxs: </p>
<hr />
<div>'''Meeting Notes 2008-9-9'''<br />
<br />
Attendees: Will, Tom, Alexis, Ken, Zhanna, Justin<br />
<br />
<br />
Tom: Project proposal?<br />
<br />
Will: Got some comments from Love and others.<br />
<br />
Tom: Key rollover to application servers? Adding support for issuing new keys to application server for the service principal.<br />
<br />
Will: Didn't make it into design. Can go back and try to add that functionality. Updating service keys.<br />
<br />
Tom: Want to have an inactive service key to distribute and then activate it at some point.<br />
<br />
Will: Run kadmin on a server and ktadd. Generates new keys on the KDC and keytab. What's the scenario in this case?<br />
<br />
Tom: If you have a service using a single service principal on multiple hosts. Want to create a new key and mark it as inactive. Distribute it to all the servers and once all the servers have it, mark it as active. AFS and some other Kerberized servers use the same key for all servers. Not the best way of using service keys but is needed in some circumstances.<br />
<br />
Will: Similar to master key rollover.<br />
<br />
Tom: Want to use mechanism for master key rollover for application service keys.<br />
<br />
Will: Send a review comment. Not going to have time to implement it, but would like to accomodate it.<br />
<br />
Tom: Updates. Will do you have anything extra?<br />
<br />
Will: Received Tom and Ken's comment on checklist. Will update and send out revised version. Next step: post on wiki as example?<br />
<br />
Tom: Yup.<br />
<br />
Will: Some other points that have come up would be more appropriate in process documentation.<br />
<br />
Justin: Working on KIM UI.<br />
<br />
Zhanna: Finishing up rcache project. Gearing up for new project.<br />
<br />
Ken: ASN.1 code<br />
<br />
Alexis: KIM library stuff. Cleaning up error handling and threads support.<br />
<br />
Tom: Apple loose ends. Client side principal referrals code. walk_rtree code. <br />
<br />
<br />
Tom: Would like to make this more of a development meeting. Not just about next release but also also big goals. Short term goals: KIM, iprop, master key rollover, etc. Mid to long term goals should be architectural goals. Behind on keeping architecture and design clean. What do people think are the code problems? What get in the way the most?<br />
<br />
Code problems (from team):<br />
<br />
Lack of consistent C style (indenting, tab width, etc)<br />
Not enough comments<br />
Code duplication<br />
Redundant macros and definitions<br />
Too many warnings<br />
Cross-platform test suite<br />
Nightly builds and tests<br />
<br />
<br />
Will: Sun has been looking at what it would take to make the MIT source base as a drop-in. Can pass along report to MIT when work is completed. (eg: Debug logging, Internationalization support, kernel support, etc)<br />
<br />
Tom: For fixing we were thinking of fixing indentation all at once.<br />
<br />
Alexis: Indentation inconsistency gives people a bad first impression. So while it's probably a very minor thing it has a big impact in developer happiness. Doing it all at once means that developers have a clear idea of what code should look like just by looking at the code.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-09-09&diff=497Release Meeting Minutes/2008-09-092008-09-09T18:39:34Z<p>Lxs: New page: '''Meeting Notes 2008:9:9''' Attendees: Will, Tom, Alexis, Ken, Zhanna, Justin Tom: Project proposal? Will: Got some comments from Love and others. Tom: Key rollover to application se...</p>
<hr />
<div>'''Meeting Notes 2008:9:9'''<br />
<br />
Attendees: Will, Tom, Alexis, Ken, Zhanna, Justin<br />
<br />
<br />
Tom: Project proposal?<br />
<br />
Will: Got some comments from Love and others.<br />
<br />
Tom: Key rollover to application servers? Adding support for issuing new keys to application server for the service principal.<br />
<br />
Will: Didn't make it into design. Can go back and try to add that functionality. Updating service keys.<br />
<br />
Tom: Want to have an inactive service key to distribute and then activate it at some point.<br />
<br />
Will: Run kadmin on a server and ktadd. Generates new keys on the KDC and keytab. What's the scenario in this case?<br />
<br />
Tom: If you have a service using a single service principal on multiple hosts. Want to create a new key and mark it as inactive. Distribute it to all the servers and once all the servers have it, mark it as active. AFS and some other Kerberized servers use the same key for all servers. Not the best way of using service keys but is needed in some circumstances.<br />
<br />
Will: Similar to master key rollover.<br />
<br />
Tom: Want to use mechanism for master key rollover for application service keys.<br />
<br />
Will: Send a review comment. Not going to have time to implement it, but would like to accomodate it.<br />
<br />
Tom: Updates. Will do you have anything extra?<br />
<br />
Will: Received Tom and Ken's comment on checklist. Will update and send out revised version. Next step: post on wiki as example?<br />
<br />
Tom: Yup.<br />
<br />
Will: Some other points that have come up would be more appropriate in process documentation.<br />
<br />
Justin: Working on KIM UI.<br />
<br />
Zhanna: Finishing up rcache project. Gearing up for new project.<br />
<br />
Ken: ASN.1 code<br />
<br />
Alexis: KIM library stuff. Cleaning up error handling and threads support.<br />
<br />
Tom: Apple loose ends. Client side principal referrals code. walk_rtree code. <br />
<br />
<br />
Tom: Would like to make this more of a development meeting. Not just about next release but also also big goals. Short term goals: KIM, iprop, master key rollover, etc. Mid to long term goals should be architectural goals. Behind on keeping architecture and design clean. What do people think are the code problems? What get in the way the most?<br />
<br />
Code problems (from team):<br />
<br />
Lack of consistent C style (indenting, tab width, etc)<br />
Not enough comments<br />
Code duplication<br />
Redundant macros and definitions<br />
Too many warnings<br />
Cross-platform test suite<br />
Nightly builds and tests<br />
<br />
<br />
Will: Sun has been looking at what it would take to make the MIT source base as a drop-in. Can pass along report to MIT when work is completed. (eg: Debug logging, Internationalization support, kernel support, etc)<br />
<br />
Tom: For fixing we were thinking of fixing indentation all at once.<br />
<br />
Alexis: Indentation inconsistency gives people a bad first impression. So while it's probably a very minor thing it has a big impact in developer happiness. Doing it all at once means that developers have a clear idea of what code should look like just by looking at the code.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=496Release Meeting Minutes2008-09-09T18:37:59Z<p>Lxs: /* September 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==September 2008==<br />
<br />
[[Release Meeting Minutes/2008-09-09 | September 9, 2008 (2008-09-09)]]<br />
<br />
[[Release Meeting Minutes/2008-09-02 | September 2, 2008 (2008-09-02)]]<br />
<br />
==August 2008==<br />
<br />
[[Release Meeting Minutes/2008-08-26 | August 26, 2008 (2008-08-26)]]<br />
<br />
[[Release Meeting Minutes/2008-08-04 | August 4, 2008 (2008-08-04)]]<br />
<br />
==July 2008==<br />
<br />
[[Release Meeting Minutes/2008-07-21 | July 21, 2008 (2008-07-21)]]<br />
<br />
[[Release Meeting Minutes/2008-07-14 | July 14, 2008 (2008-07-14)]]<br />
<br />
[[Release Meeting Minutes/2008-07-07 | July 7, 2008 (2008-07-07)]]<br />
<br />
==June 2008==<br />
<br />
[[Release Meeting Minutes/2008-06-30 | June 30, 2008 (2008-06-30)]]<br />
<br />
[[Release Meeting Minutes/2008-06-23 | June 23, 2008 (2008-06-23)]]<br />
<br />
[[Release Meeting Minutes/2008-06-16 | June 16, 2008 (2008-06-16)]]<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-19 | May 19, 2008 (2008-05-19)]]<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-08-26&diff=438Release Meeting Minutes/2008-08-262008-08-26T17:55:33Z<p>Lxs: New page: '''Release Meeting Notes 8/26/2008''' Tom: Status updates: Been working on Kerberos Lite (client only libraries). RT server upgrade waiting on hostname rename scheduling. Integrating pa...</p>
<hr />
<div>'''Release Meeting Notes 8/26/2008'''<br />
<br />
Tom: Status updates: Been working on Kerberos Lite (client only libraries). RT server upgrade waiting on hostname rename scheduling. Integrating patches. Hiring.<br />
<br />
Zhanna: Working on replay cache performance analysis. Found a couple places for performance improvements. <br />
<br />
Will: Spent some work with Nico to improve replay cache code. In OpenSolaris. Might want to look at that replay cache code to see if there is anything of use.<br />
<br />
Ken: Authorization data plugin patch integration. Working on more patches this week.<br />
<br />
Justin: Stellar.<br />
<br />
Alexis: KfM 6.5a4. Warning removal patches. Hopefully will have a chance to work on KIM. Out of town Thursday and Friday.<br />
<br />
Will: Published (?). Brain dump of keytab stash project. Recommendations for RT ticket states.<br />
<br />
Tom: Is project proposal process to time consuming?<br />
<br />
Will: Good to have an initial proposal phase which doesn't require design, test plan, etc.<br />
<br />
Tom: So a stage where you propose ideas without having to flesh them out?<br />
<br />
Will: Yes. Just need enough detail to evaluate proposal. More explicit documentation on steps would also be good. Like the brain dump I sent.<br />
<br />
Tom: Flow chart?<br />
<br />
Will: Whatever makes sense. Could do something where people step through a process so they only see the current step and aren't overwhelmed with documentation. Also need more tool documentation. Lots of tools (RT, svn, etc) which people may not be familiar with.<br />
<br />
Tom: We can come up with explicit instructions for things like merging.<br />
<br />
Will: Best practices would also be useful. Things like creating a build directory outside the working directory, how to run a regression test (system requirements, steps, etc), when to run a regression test, etc.<br />
<br />
Tom: Ken and I can work from your draft and put something up on the wiki.<br />
<br />
Will: Can discuss in email.<br />
<br />
Tom: Need to distinguish policy and procedure pages so they are easy to find.<br />
<br />
Will: Would love to see something up to date, concise and well organized.<br />
<br />
Tom: Do you think our current wiki needs reorganization?<br />
<br />
Will: I think so. Hard to navigate when approaching it from the first time.<br />
<br />
Tom: Any other issues?<br />
<br />
Steve: If we push back the deadline for krb5 1.7, will that give you enough time to do the master key rollover?<br />
<br />
Will: Need to look at my schedule. I will send you an estimate.<br />
<br />
Steve: Fantastic.<br />
<br />
Will: What is the policy on patch releases?<br />
<br />
Tom: No official policy. Usually in response to security vulnerability or specific features people need in older releases.<br />
<br />
Will: Wondering if master key rollover could make it in a patch release to krb5 1.7 if it didn't make the first release.<br />
<br />
Steve: iProp and master key rollover are complimentary because iprop is a reason to upgrade and master key rollover makes upgrading much easier. We get to choose the date we release so we can delay for it if we don't have to delay too long.<br />
<br />
Tom: What release are you running?<br />
<br />
Will: It's a mix of different releases. We have taken lots of features without taking whole releases. Resyncs are very time consuming and risky. Would like to get to a point where Sun is taking whole releases.<br />
<br />
Tom: Where is the most divergence? How can we help?<br />
<br />
Will: Crypto layer has been modified to use Solaris crypto layer. Internationalization support. Split up code because some Kerberos code is in a kernel module which talks to a GSS daemon running in user space. Some code organizational support to get both user space libraries and kernel code building.<br />
<br />
Tom: Would a more modular Kerberos be helpful?<br />
<br />
Will: Would have to look at the code. Need to figure out what would be required of the consortium and come up with a proposal. More efficient if Sun does the research first.<br />
<br />
Tom: Does Sun use MIT's RPCSEC implementation?<br />
<br />
Will: As far as I know we use the Sun one.<br />
<br />
Tom: Would like an acceptably licensed copy of Sun's RPCSEC.<br />
<br />
Will: CDDL?<br />
<br />
Tom: I believe some of our other vendors can't use CDDL.<br />
<br />
Will: Would like the Kerberos consortium to take our code without licensing issues. May be necessary to get a drop-in code base and remove much of the Sun specific patches. Need to figure out what the licensing issues are. Need to get lawyers involved.<br />
<br />
Tom: Did get license settled with iprop donation but that was probably separate.<br />
<br />
Will: So MIT would like the Solaris implementation of RPCSEC?<br />
<br />
Tom: Yes, would like a modern RPC implementation.<br />
<br />
Steve: Need to write up as a proposal.<br />
<br />
Will: Hopefully with specifics we can work it out. Beneficial to Sun if MIT takes Sun's RPC.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=437Release Meeting Minutes2008-08-26T17:54:52Z<p>Lxs: /* August 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==August 2008==<br />
<br />
[[Release Meeting Minutes/2008-08-26 | August 26, 2008 (2008-08-26)]]<br />
<br />
[[Release Meeting Minutes/2008-08-04 | August 4, 2008 (2008-08-04)]]<br />
<br />
==July 2008==<br />
<br />
[[Release Meeting Minutes/2008-07-21 | July 21, 2008 (2008-07-21)]]<br />
<br />
[[Release Meeting Minutes/2008-07-14 | July 14, 2008 (2008-07-14)]]<br />
<br />
[[Release Meeting Minutes/2008-07-07 | July 7, 2008 (2008-07-07)]]<br />
<br />
==June 2008==<br />
<br />
[[Release Meeting Minutes/2008-06-30 | June 30, 2008 (2008-06-30)]]<br />
<br />
[[Release Meeting Minutes/2008-06-23 | June 23, 2008 (2008-06-23)]]<br />
<br />
[[Release Meeting Minutes/2008-06-16 | June 16, 2008 (2008-06-16)]]<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-19 | May 19, 2008 (2008-05-19)]]<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-07-14&diff=421Release Meeting Minutes/2008-07-142008-07-15T00:42:06Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-07-14:''' '''Issues:''' Will: Master key keytab project. Code review deadline passed, no comments. Next step merge to trunk? Alexis: If n...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-07-14:'''<br />
<br />
'''Issues:'''<br />
<br />
Will: Master key keytab project. Code review deadline passed, no comments. Next step merge to trunk?<br />
<br />
Alexis: If no one is reviewing, we should assign code review to people, probably people on core team. Is a chore so people aren't going to volunteer for it.<br />
<br />
Will: Regression tests pass. Changed test case to reflect new error.<br />
<br />
Tom: Did you check the kadm5 functional spec? It's in the krb5 doc directory. Functional spec documents original intent of authors.<br />
<br />
Will: Will check that.<br />
<br />
Tom: Code review?<br />
<br />
Alexis: Also need a way of identifying bugs that need code review without person who owns bug needing to assign it to someone. Maybe a "code reviewed" tag (ie: bug without tag hasn't been reviewed)<br />
<br />
Tom: Is tag/keyword system good?<br />
<br />
Ken: Okay for what it does.<br />
<br />
Alexis: nochange/noresource seem better for ticket states than keywords. "resolved" means fixed to me, which is confusing.<br />
<br />
Tom: If we use tickets for code review every change will have to have a ticket. Ken: patches?<br />
<br />
Alexis: Old commit handler for CVS produced command to get diff.<br />
<br />
Tom: Could also get URL to OpenGrok/FishEye<br />
<br />
Ken: Current URLs are ugly -- redirect via krbdev?<br />
<br />
Tom: URL names have leaked already. Rename of servers not happening quickly.<br />
<br />
Alexis: Would like both URL (redirect good) and svn command<br />
<br />
Will: "resolved" state isn't intuitive.<br />
<br />
Alexis: Would like to see bug states reflecting where the bug is in our processes. eg: new -> open -> code review -> build -> verify -> closed<br />
<br />
Tom: Using stalled for dumping sad tickets. Was supposed to be used for "waiting for requestor feedback".<br />
<br />
<br />
'''Roundtable:'''<br />
<br />
Will: Updating project page for master key rollover. Waiting for code review.<br />
<br />
Ken: Apple stuff. Domain-realm referrals stuff -- supposed to be reviewing comments but no comments. Can review master key keytab patch for Will while waiting.<br />
<br />
Tom: Apple patches. Admin stuff.<br />
<br />
Alexis: KIM sample code. Set up meeting with Justin. Get MIT KfM builds working with BTMM. KfM 6.5a3 submission.<br />
<br />
Robert: Client & server working. Adding docs so can get feedback.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=420Release Meeting Minutes2008-07-15T00:26:32Z<p>Lxs: /* July 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==July 2008==<br />
<br />
[[Release Meeting Minutes/2008-07-14 | July 14, 2008 (2008-07-14)]]<br />
<br />
[[Release Meeting Minutes/2008-07-07 | July 7, 2008 (2008-07-07)]]<br />
<br />
==June 2008==<br />
<br />
[[Release Meeting Minutes/2008-06-30 | June 30, 2008 (2008-06-30)]]<br />
<br />
[[Release Meeting Minutes/2008-06-23 | June 23, 2008 (2008-06-23)]]<br />
<br />
[[Release Meeting Minutes/2008-06-16 | June 16, 2008 (2008-06-16)]]<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-19 | May 19, 2008 (2008-05-19)]]<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=419Release Meeting Minutes2008-07-15T00:26:08Z<p>Lxs: /* July 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==July 2008==<br />
<br />
[[Release Meeting Minutes/2008-14-07 | July 14, 2008 (2008-14-07)]]<br />
<br />
[[Release Meeting Minutes/2008-07-07 | July 7, 2008 (2008-07-07)]]<br />
<br />
==June 2008==<br />
<br />
[[Release Meeting Minutes/2008-06-30 | June 30, 2008 (2008-06-30)]]<br />
<br />
[[Release Meeting Minutes/2008-06-23 | June 23, 2008 (2008-06-23)]]<br />
<br />
[[Release Meeting Minutes/2008-06-16 | June 16, 2008 (2008-06-16)]]<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-19 | May 19, 2008 (2008-05-19)]]<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-07-07&diff=413Release Meeting Minutes/2008-07-072008-07-07T18:29:41Z<p>Lxs: </p>
<hr />
<div>Present: Alexandra, Justin, Ken, Robert, Stephen, Tom, Will<br />
<br />
Steve: lot to do through Sept. status?<br />
<br />
Tom: iprop is merged now<br />
<br />
Ken: doesn't appear to be getting any notice, deadline is about 2 weeks away<br />
<br />
Steve: definite dates will get a better response, should pick a specific deadline to encourage people to speak up<br />
<br />
<br />
'''Ken'''<br />
<br />
Steve: Ken preparing draft for IETF. Some time unallocated (the week before IETF). How to use it?<br />
<br />
Ken: Maybe something will pop up from Apple. Though anything from them would need to be fast tracked. Other than that, domain name referral.<br />
<br />
Steve: Should do more foundation work on Apple things to get a better feel for the problem space.<br />
<br />
Ken: Though we need to wait for Apple to tell us what they want.<br />
<br />
Steve: Ken's planned work takes him to the 3rd week of Sept.<br />
<br />
<br />
'''lxs'''<br />
<br />
Steve: lxs's planned work is well known<br />
<br />
lxs: working on newer patches. sent mail to list about patches, looking for response. who to assign patches to?<br />
<br />
Steve: assign patches to tom<br />
<br />
lxs: not enough time to work on embedded kerberos + KIM + patches by sept. waiting on justin for krb5_cc_cursor work.<br />
<br />
Steve: focus on KIM first<br />
<br />
Tom: several people will want that above other things<br />
<br />
<br />
'''Robert'''<br />
<br />
Steve: robert?<br />
<br />
Robert: work with putting krb things into mysql config files, though much of mysql appears hardcoded. should be working on linux platforms by end of day. also clean up, comments, review. <br />
<br />
Steve: wrap up mysql by friday?<br />
<br />
Robert: hoping to. a lot of testing between VMs, need to try with physical boxes.<br />
<br />
<br />
'''Will'''<br />
<br />
Will: Webrev in OpenSolaris. Version exists to work with subversion repositories. Looked at OpenGrok and FishEye. OpenGrok can browse branch but tedious to figure out full diffs. FishEye has stale data.<br />
<br />
Steve: FishEye has been out of date since June 9th. Known problem and will be fixed very soon.<br />
<br />
Will: Webrev might be useful for code review process. Sun will investigate.<br />
<br />
Steve: Is the real problem that no one has responded to the request for code review? Might just be that people didn't notice (and not that diffs are hard to get). Will should send up followup note with repeat of concrete deadline for code review.<br />
<br />
Tom: FishEye might have the functionality Sun wants. Just needs to get fixed. <br />
<br />
Steve: MIT doesn't want to invest in tools if the problem is just people not realizing they need to review the code.<br />
<br />
Will: Once code review is done, merge branch.<br />
<br />
<br />
'''Tom'''<br />
<br />
Tom: Working on roadmap, client side referrals, apple patches and krb4 removal<br />
<br />
<br />
'''Justin'''<br />
<br />
Justin: More ccol_cursor work. Presentation for another team will take up some time this week</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-06-30&diff=411Release Meeting Minutes/2008-06-302008-07-07T18:04:25Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-06-30:''' '''Issues:''' Sun interested in multi-master KDC * Client library only tries 1 address. Even with a single KDC, client will only...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-06-30:'''<br />
<br />
'''Issues:'''<br />
<br />
Sun interested in multi-master KDC<br />
<br />
* Client library only tries 1 address. Even with a single KDC, client will only use 1 of the KDC's addresses (makes multi-homed KDC useless)<br />
<br />
* What is the multi-master KDC use case? Who is asking for it? What release target is the client support needed for?<br />
<br />
* Not high priority because not many LDAP multi-master db backends deployed.<br />
<br />
* Code contribution would make this support more likely to ship with krb5-1.7<br />
<br />
'''Roundtable:'''<br />
<br />
Will: <br />
<br />
* Regression testing. 1 failure: Test #108 in kadm5 unit tests tries bogus principal. Old code would return "not found" error. Modified code returns "can't read master key" because the new error comes from inside the keytab code. Should function take principal argument? Use as search criteria?<br />
<br />
:Look at doc/kadm5 functional specification<br />
<br />
:Use detailed krb5 error handling to get better error message<br />
<br />
:Assumption was stash file held only 1 key -- principal used for prompting function?<br />
<br />
* Question to krbdev list: Should fetch function try to get kvno from principal if not passed in?<br />
<br />
:Should leave up to caller<br />
:KDC can look up on init and cache<br />
<br />
* Code review:<br />
<br />
:Pointer to branch<br />
:Diffs from web interface? Webrev (Sun tool) generates HTML diffs.<br />
:Can OpenGrok or FishEye do this? Investigate.<br />
:Process for code review diff generation?<br />
<br />
Ken:<br />
<br />
* Revising project for domain-realm referrals (KDC side)<br />
* IETF work<br />
<br />
Justin:<br />
<br />
* More ccache cursor work<br />
<br />
Tom:<br />
<br />
* Dev roadmap<br />
* IETF<br />
<br />
Alexis:<br />
<br />
* Patch integration<br />
* Hounding people about patches<br />
* Looking at bugs<br />
<br />
Robert:<br />
<br />
* Plugins<br />
* Documentation<br />
* Time estimates (need help from team)</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=409Release Meeting Minutes2008-07-07T17:49:07Z<p>Lxs: /* June 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==June 2008==<br />
<br />
[[Release Meeting Minutes/2008-06-30 | June 30, 2008 (2008-06-30)]]<br />
<br />
[[Release Meeting Minutes/2008-06-23 | June 23, 2008 (2008-06-23)]]<br />
<br />
[[Release Meeting Minutes/2008-06-16 | June 16, 2008 (2008-06-16)]]<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-19 | May 19, 2008 (2008-05-19)]]<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-05-12&diff=390Release Meeting Minutes/2008-05-122008-05-12T21:26:52Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-05-12:''' '''New Release Priorities:''' * iprop: High priority for sponsors. :Looking at integrating Sun's patches. Some small problem...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-05-12:'''<br />
<br />
<br />
'''New Release Priorities:'''<br />
<br />
* iprop: High priority for sponsors. <br />
<br />
:Looking at integrating Sun's patches. Some small problems with integration.<br />
<br />
* Master Key Rollover and Service Key Rollover: <br />
<br />
:Described as "race condition with keytab generation" -- another way of looking at it.<br />
<br />
* Multi-threaded KDC: <br />
<br />
:Feedback that threading introduces more bugs than a multi-process solution using IPC. <br />
<br />
:Producer-consumer threading models are easier to verify as correct than more complex designs. Might be a reasonable compromise.<br />
<br />
<br />
'''Amended List of krb5-1.7 Release Priorities:'''<br />
<br />
* iprop<br />
* Remove krb4<br />
* Master Key Rollover<br />
* KIM<br />
* Enhanced error messages (almost done)<br />
* CCAPI (Mac done, Windows works but may be too slow)<br />
* Client-side referrals (prinicipal rewriting and new "X-" realm name to signify referrals)<br />
<br />
<br />
'''Removed krb5-1.7 Priorities:'''<br />
<br />
* Multithreaded KDC<br />
* GSSAPI mech-glue plugins<br />
<br />
<br />
'''Public Admin API:'''<br />
<br />
* Clean up dependencies on internal structures.<br />
* Get in sync with Sun API.<br />
* Talk to Heimdal? Heimdal admin protocol is different, but might want to support common protocol someday.<br />
<br />
<br />
'''New krb5-1.7 target deadline: end of 2008'''<br />
<br />
<br />
'''Bug in finalizer in krb5 library:'''<br />
<br />
On application exit support library finalizer being called before krb5 library finalizer. Seen in NetBSD and Moira update server.<br />
<br />
Add refcounts/object references inside so finalizers know when their dependencies have been called.<br />
<br />
Alternatively special case application exit since dlclose does not have this problem.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=389Release Meeting Minutes2008-05-12T21:02:57Z<p>Lxs: /* May 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==May 2008==<br />
<br />
[[Release Meeting Minutes/2008-05-12 | May 12, 2008 (2008-05-12)]]<br />
<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-05-05&diff=372Release Meeting Minutes/2008-05-052008-05-05T19:30:05Z<p>Lxs: </p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-05-05:'''<br />
<br />
<br />
'''krb5-1.7 Goals:'''<br />
<br />
Current:<br />
<br />
* Kerberos Identity Management (KIM) API<br />
<br />
* Enhanced GSSAPI errors<br />
<br />
* Cross platform CCAPI<br />
<br />
* GSS mech-glue plugin interface<br />
<br />
* Multithreaded KDC<br />
<br />
* Ticket request logging<br />
<br />
* Master key rollover<br />
<br />
<br />
Possible new goals based on consortium sponsor input:<br />
<br />
* Code cleanup (architecture, formatting, etc)<br />
<br />
* Incremental Propagation<br />
<br />
* krb4 removal<br />
<br />
* Service key rollover (both keys work during rollover period, currently have race condition)<br />
<br />
Is master key rollover a special case of service key rollover? Not exactly the same: Correct key version needs to be used with KDB entries. Application servers can store multiple key versions in keytab.<br />
<br />
<br />
Bug reports:<br />
<br />
* IPv6-only support<br />
<br />
* UI issues with referrals (empty realm). Should be using reserved realm name to indicate referrals so developers and end users are not confused by the empty realm. Empty realm looks like a string manipulation bug.<br />
<br />
* Database refactoring? Store KDC data using database features. Would be nice, too large a project for krb5-1.7<br />
<br />
<br />
'''Code Cleanup Priorities:'''<br />
<br />
ASN.1 -> looking at A2C to replace our implementation<br />
<br />
Where are security advisories? krb4, KDC, RPC layer, ASN.1<br />
<br />
What are security advisories? Mostly buffer overruns. Should start with support routines so buffer/string manipulation is standardized across krb5 sources.<br />
<br />
New code: Database Abstraction Layer (DAL) and LDAP plugin. Pkinit contribution. Large sections of new code need better review and testing.<br />
<br />
Should we require that new code contributions include comprehensive test suites? New hires will work on more testing for existing code.<br />
<br />
Publish better coding standards/guidelines<br />
<br />
Static Analysis Tools: Tools prefer a specific coding style. Using that style avoids false positives and makes the tools more useful.<br />
<br />
<br />
'''New Release Adoption:'''<br />
<br />
Why are people staying with older releases?<br />
<br />
* No compelling features and old releases work fine. (ie: "If it ain't broke...")<br />
<br />
* Some sites want referrals for AD support but lots of traffic about bugs in referrals. May need principal re-writing (currently only have realm re-writing) to make referrals useful to sites.<br />
<br />
* Security advisories reduce confidence<br />
<br />
* Explicit ABI stability statement to increase developer confidence<br />
<br />
* Static library support? Last seen in krb5-1.4<br />
<br />
<br />
'''Communication:'''<br />
<br />
We seem to have a communication problem. Not sure what is keeping people from upgrading or what they want.<br />
<br />
Get more people involved on krbdev?<br />
<br />
Use an announce list to publish upcoming release project proposals? Wiki is hard to track... RSS feed would be too much noise. Krbdev is too much noise for some sites. Use kerberos-announce? Should avoid sending mail more than twice a year. Make messages short with link to wiki with more detail.<br />
<br />
How to get people more involved in beta testing process? Beta tester program? Should also have a guide on how to safely test a beta server in your environment without risk to the production server.<br />
<br />
<br />
'''Project Policy:'''<br />
<br />
How is project policy working out?<br />
<br />
Need a "proposal" phase. Existing initial phase is a project plan. Create new proposal phase which only has a description of the project for consideration.<br />
<br />
Instructions should be more explicit (step by step).<br />
<br />
Currently project discussion can get split between wiki discussion pages and krbdev list. Confluence does not solve problem because it also has comments.<br />
<br />
Use RT ticket associated with each proposal and put RT server (via mailing list) on krbdev? Then discussion can occur on list and it will still end up archived with the proposal's ticket. Wiki proposals can link to RT ticket and vice versa. Use special krb5-projects queue.<br />
<br />
Consortium staff should take on more of the project proposal overhead. Existing process has too many steps for the person proposing the project. Discourages people from submitting if they have to go through 10 steps. Automate as much as possible to take workload off consortium staff/submitter.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-05-05&diff=371Release Meeting Minutes/2008-05-052008-05-05T19:28:37Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-05-05:''' '''krb5-1.7 Goals:''' Current: * Kerberos Identity Management (KIM) API * Enhanced GSSAPI errors * Cross platform CCAPI * GSS...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-05-05:'''<br />
<br />
<br />
'''krb5-1.7 Goals:'''<br />
<br />
Current:<br />
<br />
* Kerberos Identity Management (KIM) API<br />
<br />
* Enhanced GSSAPI errors<br />
<br />
* Cross platform CCAPI<br />
<br />
* GSS mech-glue plugin interface<br />
<br />
* Multithreaded KDC<br />
<br />
* Ticket request logging<br />
<br />
* Master key rollover<br />
<br />
<br />
Possible new goals based on consortium sponsor input:<br />
<br />
* Code cleanup (architecture, formatting, etc)<br />
<br />
* Incremental Propagation<br />
<br />
* krb4 removal<br />
<br />
* Service key rollover (both keys work during rollover period, currently have race condition)<br />
<br />
Is master key rollover a special case of service key rollover? Not exactly the same: Correct key version needs to be used with KDB entries. Application servers can store multiple key versions in keytab.<br />
<br />
<br />
Bug reports:<br />
<br />
* IPv6-only support<br />
<br />
* UI issues with referrals (empty realm). Should be using reserved realm name to indicate referrals so developers and end users are not confused by the empty realm. Empty realm looks like a string manipulation bug.<br />
<br />
* Database refactoring? Store KDC data using database features. Would be nice, too large a project for krb5-1.7<br />
<br />
<br />
'''Code Cleanup Priorities:'''<br />
<br />
ASN.1 -> looking at A2C to replace our implementation<br />
<br />
Where are security advisories? krb4, KDC, RPC layer, ASN.1<br />
<br />
What are security advisories? Mostly buffer overruns. Should start with support routines so buffer/string manipulation is standardized across krb5 sources.<br />
<br />
New code: Database Abstraction Layer (DAL) and LDAP plugin. Pkinit contribution. Large sections of new code need better review and testing.<br />
<br />
Should we require that new code contributions include comprehensive test suites? New hires will work on more testing for existing code.<br />
<br />
Publish better coding standards/guidelines<br />
<br />
Static Analysis Tools: Tools prefer a specific coding style. Using that style avoids false positives and makes the tools more useful.<br />
<br />
<br />
'''New Release Adoption:'''<br />
<br />
Why are people staying with older releases?<br />
<br />
* No compelling features and old releases work fine. (ie: "If it ain't broke...")<br />
<br />
* Some sites want referrals for AD support but lots of traffic about bugs in referrals. May need principal re-writing (currently only have realm re-writing) to make referrals useful to sites.<br />
<br />
* Security advisories reduce confidence<br />
<br />
* Explicit ABI stability statement to increase developer confidence<br />
<br />
* Static library support? Last seen in krb5-1.4<br />
<br />
<br />
'''Communication:'''<br />
<br />
We seem to have a communication problem. Not sure what is keeping people from upgrading or what they want.<br />
<br />
Get more people involved on krbdev?<br />
<br />
Use an announce list to publish upcoming release project proposals? Wiki is hard to track... RSS feed would be too much noise. Krbdev is too much noise for some sites. Use kerberos-announce? Should avoid sending mail more than twice a year. Make messages short with link to wiki with more detail.<br />
<br />
How to get people more involved in beta testing process? Beta tester program? Should also have a guide on how to safely test a beta server in your environment without risk to the production server.<br />
<br />
<br />
'''Project Policy:'''<br />
<br />
How is project policy working out?<br />
<br />
Need a "proposal" phase. Existing initial phase is a project plan. Create new proposal phase which only has a description of the project for consideration.<br />
<br />
Instructions should be more explicit (step by step).<br />
<br />
Currently project discussion can get split between wiki discussion pages and krbdev list. Confluence does not solve problem because it also has comments.<br />
<br />
Use RT ticket associated with each proposal and put RT server (via mailing list) on krbdev? Then discussion can occur on list and it will still end up archived with the proposal's ticket. Wiki proposals can link to RT ticket and vice versa. <br />
<br />
Consortium staff should take on more of the project proposal overhead. Existing process has too many steps for the person proposing the project. Discourages people from submitting if they have to go through 10 steps. Automate as much as possible to take workload off consortium staff/submitter.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=370Release Meeting Minutes2008-05-05T18:57:31Z<p>Lxs: /* April 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-05-05 | May 5, 2008 (2008-05-05)]]<br />
<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-04-28&diff=361Release Meeting Minutes/2008-04-282008-04-28T19:32:57Z<p>Lxs: </p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-04-28:'''<br />
<br />
<br />
'''Is this meeting useful?'''<br />
<br />
Current attendees: Sun, Secure Endpoints, MIT developers<br />
<br />
Expand audience?<br />
<br />
More concrete agenda?<br />
<br />
How do people find out about the meeting?<br />
<br />
Need to limit audience to people writing code for the next release.<br />
<br />
<br />
'''Release planning for krb5-1.7:'''<br />
<br />
Sponsors not enthusiastic about pre-consortium 1.7 roadmap<br />
<br />
Sponsors have expressed immediate interest in:<br />
<br />
* code quality (static analysis, code audits, FIPS compliance, etc)<br />
<br />
* Incremental propogation<br />
<br />
* PKINIT<br />
<br />
Not sure about:<br />
<br />
* GSSAPI mech-glue<br />
<br />
* Kerberos Identity Management (KIM) API<br />
<br />
<br />
'''Static Analysis Tools:'''<br />
<br />
Tools producing much more output than expected. 10% of output is too large a sample. Need more time.<br />
<br />
Compare tool output to that of other open source implementations. <br />
<br />
<br />
'''Code Quality:'''<br />
<br />
Need to overhaul code to improve code quality. Kerberos 2.0?<br />
<br />
Remove code duplication. Modularize. <br />
<br />
Should be done as a series of refactoring projects, not starting from scratch.<br />
<br />
Overhaul should not completely block work on requested features.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-04-28&diff=360Release Meeting Minutes/2008-04-282008-04-28T19:32:43Z<p>Lxs: </p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-04-28:'''<br />
<br />
<br />
'''Is this meeting useful?'''<br />
<br />
Current attendees: Sun, Secure Endpoints, MIT developers<br />
<br />
Expand audience?<br />
<br />
More concrete agenda?<br />
<br />
How do people find out about the meeting?<br />
<br />
Need to limit audience to people writing code for the next release.<br />
<br />
<br />
'''Release planning for krb5-1.7:'''<br />
<br />
Sponsors not enthusiastic about pre-consortium 1.7 roadmap<br />
<br />
Sponsors have expressed immediate interest in:<br />
<br />
* code quality (static analysis, audits, FIPS compliance, etc)<br />
<br />
* Incremental propogation<br />
<br />
* PKINIT<br />
<br />
Not sure about:<br />
<br />
* GSSAPI mech-glue<br />
<br />
* Kerberos Identity Management (KIM) API<br />
<br />
<br />
'''Static Analysis Tools:'''<br />
<br />
Tools producing much more output than expected. 10% of output is too large a sample. Need more time.<br />
<br />
Compare tool output to that of other open source implementations. <br />
<br />
<br />
'''Code Quality:'''<br />
<br />
Need to overhaul code to improve code quality. Kerberos 2.0?<br />
<br />
Remove code duplication. Modularize. <br />
<br />
Should be done as a series of refactoring projects, not starting from scratch.<br />
<br />
Overhaul should not completely block work on requested features.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-04-28&diff=359Release Meeting Minutes/2008-04-282008-04-28T19:32:15Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-04-28:''' '''Is this meeting useful?''' Current attendees: Sun, Secure Endpoints, MIT developers Expand audience? More concrete agenda? ...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-04-28:'''<br />
<br />
<br />
'''Is this meeting useful?'''<br />
<br />
Current attendees: Sun, Secure Endpoints, MIT developers<br />
<br />
Expand audience?<br />
<br />
More concrete agenda?<br />
<br />
How do people find out about the meeting?<br />
<br />
Need to limit audience to people writing code for the next release.<br />
<br />
<br />
'''Release planning for krb5-1.7:'''<br />
<br />
Sponsors not enthusiastic about pre-consortium 1.7 roadmap<br />
<br />
Sponsors have expressed immediate interest in:<br />
<br />
* code quality (audits, FIPS compliance, etc)<br />
<br />
* Incremental propogation<br />
<br />
* PKINIT<br />
<br />
Not sure about:<br />
<br />
* GSSAPI mech-glue<br />
<br />
* Kerberos Identity Management (KIM) API<br />
<br />
<br />
'''Static Analysis Tools:'''<br />
<br />
Tools producing much more output than expected. 10% of output is too large a sample. Need more time.<br />
<br />
Compare tool output to that of other open source implementations. <br />
<br />
<br />
'''Code Quality:'''<br />
<br />
Need to overhaul code to improve code quality. Kerberos 2.0?<br />
<br />
Remove code duplication. Modularize. <br />
<br />
Should be done as a series of refactoring projects, not starting from scratch.<br />
<br />
Overhaul should not completely block work on requested features.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=358Release Meeting Minutes2008-04-28T19:16:58Z<p>Lxs: /* April 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=357Release Meeting Minutes2008-04-28T19:16:51Z<p>Lxs: /* April 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-28 | April 28, 2008 (2008-04-28)]]<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-04-14&diff=342Release Meeting Minutes/2008-04-142008-04-14T20:33:16Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-04-14:''' Shawn Emery attending from Sun in place of Will. Tom: Daptiv status. Please update. Tom: Outstanding issues? Kevin: At conferen...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-04-14:'''<br />
<br />
Shawn Emery attending from Sun in place of Will.<br />
<br />
Tom: Daptiv status. Please update.<br />
<br />
Tom: Outstanding issues?<br />
<br />
Kevin: At conference last week. This week working on installer and why NIM doesn't work but command line tools do. Also Vista with UAC issues.<br />
<br />
Ken: Been working on static analysis tools. Estimate for integrating the iprop code. This week more static analysis tools and estimating KDC-side referrals code.<br />
<br />
Shawn: What iprop code?<br />
<br />
Ken: Code from Sun from early 2005. Is there newer code?<br />
<br />
Shawn: Has probably been updated since then. Will send you updated patches.<br />
<br />
Alexis: KfM release. Looking at differences between Apple pkinit and pkinit in the krb5 sources. More this week. Will create project in Daptiv for pkinit analysis.<br />
<br />
Tom: At board meeting last week. Writing up coding styles and other stuff on the wiki. Looking for feedback so please comment.<br />
<br />
Shawn: Sun's interop issues with GSS. Guaranteeing that the initial ticket flag is set on certain service principals. When the principal is manually created the admin needs to be able to set the flag. Is it sufficient for people to be able to manually set it?<br />
<br />
Tom: Sam's idea was to have the kadmin library have an initial API to examine the ticket flags and make sure it is an initial ticket. Would such an API would be useful to Sun?<br />
<br />
Shawn: The primary goal is to have interop working soon. Submitted a fix a while back. <br />
<br />
Tom: Was it the changepw principal that was the problem?<br />
<br />
Shawn: In the default mode the kadmin principal gets used.<br />
<br />
Tom: I thought our implementation tries the kadmin/host principal.<br />
<br />
Shawn: That's the fix I submitted. <br />
<br />
Tom: Ah currently we just accept it but don't try it.<br />
<br />
Shawn: Not sure what the demand is for the AD interop stuff. Need to make a few more changes. Will look at trying to get that out to MIT.<br />
<br />
Tom: What does this fix?<br />
<br />
Shawn: Dynamic DNS updates, some other stuff. LDAP commands.<br />
<br />
Tom: So there are dependencies other than Kerberos like an LDAP client and dynamic DNS.<br />
<br />
Shawn: There's also a client. <br />
<br />
Tom: So we need to audit user interface as well.<br />
<br />
Shawn: Are you on the Kerberos discuss group? Posted before that group existed. Will look at packaging it up for a code contribution.<br />
<br />
Ken: Lots of proposals at the board meeting. Might be the one to work on it.<br />
<br />
Tom: Elizabeth?<br />
<br />
Elizabeth: Went down a rat hole last week but back out. <br />
<br />
Tom: Next meeting 4/28/2008. Next Monday is a holiday in MA.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=341Release Meeting Minutes2008-04-14T20:31:08Z<p>Lxs: </p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==April 2008==<br />
[[Release Meeting Minutes/2008-04-14 | April 14, 2008 (2008-04-14)]]<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-03-31&diff=275Release Meeting Minutes/2008-03-312008-03-31T20:47:25Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-03-31:''' Sam: Last meeting for me. Next week Kerberos Consortium. Might be present on the 14th but not running meeting. Tom: Not sure av...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-03-31:'''<br />
<br />
<br />
Sam: Last meeting for me. Next week Kerberos Consortium. Might be present on the 14th but not running meeting.<br />
<br />
Tom: Not sure available to call in next week.<br />
<br />
Sam: Board meeting overlaps with this call so no call.<br />
<br />
Sam: Ken working on coding practices and auditing. Want to discuss auditing with board. Code review cost prohibitive. Looking at static analysis tools. Looking at Coverity and Solaris Lint. <br />
<br />
Sam: Want integrated into processes, periodic runs, fix problems identified. Project management: process for getting to this. Technical: handling false positives. Adopt idioms that reduce false positives. Not a total solution.<br />
<br />
Ken: Confused about the difference between while(1) and for(;;). Thinks while(1) can exit through the bottom of the loop.<br />
<br />
Sam: Can't make Solaris Lint and gcc happy because they warn about different things. Platform specific issues. How do we want to handle this?<br />
<br />
Will: Ken, did you look at the gcc compiler warnings?<br />
<br />
Sam: Looked at those too but Solaris Lint, gcc and Coverity all find different problems so more tools does produce increased coverage. More tools also produce more false positives.<br />
<br />
Kevin: Pick 2 tools that provide the best coverage?<br />
<br />
Ken: Not reviewed all tools. Currently only looked at Coverity and Solaris Lint in depth.<br />
<br />
Will: Under the impression that some version of our lint has security analysis options that might help you. Will look into it. Might be internal only though.<br />
<br />
Ken: Using the lint that comes with the compiler (Sun Studio 12). Also lint binary in Solaris release but that's the UCB one.<br />
<br />
Will: Will look at tools.<br />
<br />
Ken: Are you interested in the bugs we've found in lint? (false positives, etc)<br />
<br />
Will: If they can be batched up then we would find them useful. <br />
<br />
Sam: We will report them through the normal channels and also batch them up for you. <br />
<br />
Sam: How do we want to build these tools into our build system.<br />
<br />
Ken: Coverity side looks fairly easy to automate. Can track bugs from one run to the next. Can mark false positives to be ignored. Runs as part of the build system.<br />
<br />
Ken: Lint is a little more difficult because every compile needs to be modified to include lint options. Pulling all the data from each files is a little tricky. make lint target using the same files list as make depend. <br />
<br />
Sam: make rule that runs our normal build but changes the value of cc_link to include lint options.<br />
<br />
Ken: Would need to special case object files. Wouldn't be any easier than adding additional targets.<br />
<br />
Sam: Makefiles should only have one list of source files for each target. Should fix at the same time.<br />
<br />
Sam: What about false positives on lint?<br />
<br />
Ken: Has a mechanism using comments. Haven't verified it works. Suppressing warnings in macros harder because comments get stripped before macro expansion.<br />
<br />
Tom: Splint annotations were too much work. Need to make sure we make fewer modifications for lint.<br />
<br />
Ken: Need to look more at how to do suppressions to be sure we can handle this correctly.<br />
<br />
Will: Might have annotations facility. Will investigate.<br />
<br />
Sam: How do we get to a proposal?<br />
<br />
Tom: Which tools do we use?<br />
<br />
Sam: Should commit to using Coverity. Use open source version.<br />
<br />
Ken: Issue that people can sniff the analysis over the network if we use the open source version. <br />
<br />
Kevin: Can bittorrent Coverity anyway so a hacker can just use a stolen copy and get the analysis themselves. <br />
<br />
Ken: Might be helpful to pick a directory and try to make them lint-clean as a demo.<br />
<br />
Sam: Get me a proposal by the 14th on how to do that.<br />
<br />
Will: Fundamental questions: Which tools and handling output (protected?). Process of how tools are going to be used (on commit, nightly, etc)?<br />
<br />
Sam: Want to see all that in Ken's report.<br />
<br />
Sam: Do we have any other status updates?<br />
<br />
Will: Updated the wiki. Added some documentation.<br />
<br />
Will: Saw mention of a common credentials cache. What is meant by that?<br />
<br />
Sam: Willis and Paul Armstrong believe we should have a common credential cache. Ball is in their court to elaborate on why and what they wanted. They have a slot to present at the board meeting.<br />
<br />
Tom: Had something to do with a cluster environment or something like that. Computing nodes that need to all talk to the same credentials cache.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=274Release Meeting Minutes2008-03-31T20:45:28Z<p>Lxs: /* March 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-31 |March 31, 2008 (2008-03-31)]]<br />
<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Main_Page&diff=266Main Page2008-03-24T20:51:12Z<p>Lxs: </p>
<hr />
<div>'''K5Wiki''' is a wiki for the development of [[MIT Kerberos]], a reference implementation of [[wp:Kerberos (protocol)|the Kerberos network authentication protocol]]. MIT Kerberos is a project of the [http://www.kerberos.org/ MIT Kerberos Consortium].<br />
<br />
Here are some starting points:<br />
* [[How to contribute]]<br />
* [[:Category:Policies|Policies for development]]<br />
* [[:Category:projects|Ongoing projects ]]<br />
* [[Release_Meeting_Minutes|Release Meeting Minutes]]<br />
* [[K5Wiki:Todo|A todo list for work needing doing on this wiki]]<br />
<br />
We look forward to your contributions to K5Wiki and MIT Kerberos.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=265Release Meeting Minutes2008-03-24T20:49:32Z<p>Lxs: /* March 2008 */</p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==March 2008==<br />
[[Release Meeting Minutes/2008-03-24 |March 24, 2008 (2008-03-24)]]<br />
<br />
[[Release Meeting Minutes/2008-03-17 |March 17, 2008 (2008-03-17)]]<br />
<br />
[[Release Meeting Minutes/2008-03-10 |March 10, 2008 (2008-03-10)]]<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-03-24&diff=264Release Meeting Minutes/2008-03-242008-03-24T20:48:37Z<p>Lxs: New page: '''Minutes of weekly release meeting for 2008-03-24:''' '''Project status''' Tom: Justin's schedule updated in Daptiv. Ken updated but not completely up to date Sam: In good shape exce...</p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-03-24:'''<br />
<br />
<br />
'''Project status'''<br />
<br />
Tom: Justin's schedule updated in Daptiv. Ken updated but not completely up to date<br />
<br />
Sam: In good shape except for mech-glue project<br />
<br />
Tom: Worked on mech-glue a little.<br />
<br />
'''mech-glue'''<br />
<br />
Sam: Discussion with vendor about mech-glue about what to do if we can't ship the full implementation immediately. Minimal extension "plugin" support provided via export_lucid_context. Don't want to export giant struct of function pointers -- instead use Luke Howard's support. Plugin may not use same malloc/free as library. Tom has a proposal to solve malloc/free issues. Taken Sun's patches except for plugin code. <br />
<br />
Will: Sun's plugin support is private anyway.<br />
<br />
Will: Manager OK with split project. Writing up keytab stash part now. How do I create a project page?<br />
<br />
Sam: Just go to an unused page URL and the wiki will offer to create the page.<br />
<br />
Will: Process not well documented or user-friendly (some agreement from other attendees). Main project page doesn't list all the projects.<br />
<br />
Sam: Will fix. Add comments to talk page or to-do page to make sure this issue doesn't get dropped.<br />
<br />
Elizabeth: If you come up with useful instructions, add them to the How To Contribute pages.<br />
<br />
'''kadmin'''<br />
<br />
Will: Any updates on a new kadmin protocol?<br />
<br />
Ken: Mostly still talking to gauge interest. Microsoft is not interested so not a big payoff.<br />
<br />
Sam: Will work on incompatibilities that are easy to fix. Set change password support would also be nice.<br />
<br />
Will: Enctype issues with ktadd causing a headache for Sun. Client not telling KDC which enctype it supports and is getting keys it can't use.<br />
<br />
Sam: Stanford has a tool we are looking at that will make the general problem here easier to manage. In the specific ktadd case the protocol supports asking for certain enctypes. Just need to modify ktadd to use it.<br />
<br />
Will: That might fix it.<br />
<br />
'''CDDL'''<br />
<br />
Will: Why no CDDL?<br />
<br />
Ken: CDDL has terms requiring distribution of sources I think.<br />
<br />
Sam: Generally we have problems with licenses which are open source unfriendly (eg: GPL-incompatible) or too open (eg: no support for closed source use for embedded systems).<br />
<br />
Will: Would like to make it easier for MIT to take our patches.<br />
<br />
Sam: Note that if we decide to accept the CDDL, we would also need to accept other similar vendor open source licenses. Should make sure that is okay with your lawyers.<br />
<br />
Will: Just need a list of specific issues with the CDDL for our lawyers and we can figure something out.<br />
<br />
Will: Might be out at MIT in May. Nothing certain yet though.<br />
<br />
Sam: I will be on paternity leave in May. Other people will be around.<br />
<br />
Will: Okay, will work on finishing wiki project page.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-02-04&diff=175Release Meeting Minutes/2008-02-042008-02-04T22:44:40Z<p>Lxs: </p>
<hr />
<div>'''Minutes of weekly release meeting for 2008-02-04:'''<br />
<br />
Will: Out sick last week.<br />
<br />
Tom: Who is up to date in Daptiv?<br />
<br />
Alexis: Up to date<br />
<br />
Ken: Behind, needs to fix timescales<br />
<br />
Kevin: Up to date<br />
<br />
Ken: Working on a lot of stuff unrelated to 1.7<br />
<br />
Tom: Should we add non-1.7 projects to make it easier to see who is doing what?<br />
<br />
Ken, Steve: Yes<br />
<br />
Tom: Trying to reproduce database corruption bug. Partial progress.<br />
<br />
Will: Shawn Emery and Tom in communication about database corruption?<br />
<br />
Tom: Yes<br />
<br />
Will: Shawn had something that reproduces this?<br />
<br />
Tom: We have one test case which reproduces some of the corruption we've seen. Describes test case with a record split on index 0.<br />
<br />
Ken: Can we replace with a different database? SQLite plugin?<br />
<br />
Will: Sun looking into SQLite already.<br />
<br />
Ken: Believes SQLite license is sufficiently public domain for our purposes. Apple also using SQLite. Has heard concerns about SQLite being slower than Berkeley DB.<br />
<br />
Will: Would there be any problem with a plugin in MIT Kerberos for SQLite?<br />
<br />
Tom: Plugin isn't a problem for MIT. Vendors might have an issue if we bundle SQLite with MIT Kerberos. Would make sources considerably larger (1MB of sources).<br />
<br />
Ken: Could choose to not build it on platforms where SQLite libraries already exist.<br />
<br />
Will: Sun uses SQLite in some components. Also just bought MySQL. Thinks Nico uses SQLite. Sun is interested in a more reliable and robust database backend than LDAP or Berkeley DB.<br />
<br />
Tom: Berkeley DB is well-tested and very mature. Unfortunately 4.4 BSD had the last incarnation of Berkeley DB under a license we could use so we are using an old version. MIT Kerberos will compile against more recent Berkeley DB versions.<br />
<br />
Ken: Tested Berkeley DB versions 3 and 4.<br />
<br />
Tom: No idea if anyone is using Kerberos with more recent versions of Berkeley DB. However given the interest in SQLite we should bring it up to the board and try to find resources.<br />
<br />
Will: My manager may want me to switch to working on SQLite plugin instead of the enctype migration work.<br />
<br />
Steve: How is our work going? Been working with Sun since October officially but seems like we aren't really getting to collaborate as much as we'd like.<br />
<br />
Will: Feel like I haven't gotten a chance to really work on the Consortium work due to hardware issues, holidays, illness, LDAP bugs, release requirements, etc. Everything else was high priority.<br />
<br />
Steve: That's understandable. Just want to flag that we've got a commitment from Sun for 6 months of 2 people at 25% time. Don't want to get into a state where we save all the work until the end and then don't have reasonable projects or deadlines. Even if this particular project isn't working we could use QA, testing infrastructure, new services (eg: OpenGrok), etc. <br />
<br />
Will: Need to talk to manager about this. <br />
<br />
Will: What is the project tracking system you are using?<br />
<br />
Steve: Daptiv PPM. Is MIT's project tracking system. Have getting Sun folks accounts as an action item. Should be easy if you have an MIT account.<br />
<br />
Will: Yes I have an MIT account. Do all board members get access to this?<br />
<br />
Steve: Any board members can get access to this, but I suspect most don't want that fine grained detail. However since you're working so closely with us it should be useful to you. <br />
<br />
Tom: Any other updates, issues, interesting developments?<br />
<br />
Alexis: CCAPI v2 needed for Windows. Working on it. Will delay other tasks by approximately a week.<br />
<br />
Kevin: Coverity Update. Have access to web site and downloaded their tool. Currently scanning krb5 sources and all other open source projects is done by one guy. Trying to move to a model where the open source projects run the tools themselves, upload dump files to an ftp site and he will run the proprietary tools on them and post results. Not currently automated, but working on that. Analysis takes approximately twice as long as a build.<br />
<br />
Tom: What are the tool requirements? OS?<br />
<br />
Kevin: Coverity wants to start with Linux first. Need to be able to protect access to the tool.<br />
<br />
Ken: Can we talk about results of the tool output? Can we publish our results?<br />
<br />
Steve: We should look at the license.<br />
<br />
Tom: Do we have licenses?<br />
<br />
Kevin: Haven't signed anything yet or received any formal notices. Will look for READMEs in tool tarball.<br />
<br />
Steve: Would it be easier to use commercial project?<br />
<br />
Kevin: Commercial product is expensive. Will investigate licensing of commercial product. Would get both pieces of the tool and not have to deal with Coverity.<br />
<br />
Ken: Will help Kevin with linux build.<br />
<br />
Steve: Has anyone looked at the user manual posted to comp.protocols.kerberos? <br />
<br />
Ken: Printed it but not read it. About 40 pages. There are similar guides out there but this is the most detailed yet.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-02-04&diff=174Release Meeting Minutes/2008-02-042008-02-04T22:42:44Z<p>Lxs: New page: Will: Out sick last week. Tom: Who is up to date in Daptiv? Alexis: Up to date Ken: Behind, needs to fix timescales Kevin: Up to date Ken: Working on a lot of stuff unrelated to 1.7 ...</p>
<hr />
<div>Will: Out sick last week.<br />
<br />
Tom: Who is up to date in Daptiv?<br />
<br />
Alexis: Up to date<br />
<br />
Ken: Behind, needs to fix timescales<br />
<br />
Kevin: Up to date<br />
<br />
Ken: Working on a lot of stuff unrelated to 1.7<br />
<br />
Tom: Should we add non-1.7 projects to make it easier to see who is doing what?<br />
<br />
Ken, Steve: Yes<br />
<br />
Tom: Trying to reproduce database corruption bug. Partial progress.<br />
<br />
Will: Shawn Emery and Tom in communication about database corruption?<br />
<br />
Tom: Yes<br />
<br />
Will: Shawn had something that reproduces this?<br />
<br />
Tom: We have one test case which reproduces some of the corruption we've seen. Describes test case with a record split on index 0.<br />
<br />
Ken: Can we replace with a different database? SQLite plugin?<br />
<br />
Will: Sun looking into SQLite already.<br />
<br />
Ken: Believes SQLite license is sufficiently public domain for our purposes. Apple also using SQLite. Has heard concerns about SQLite being slower than Berkeley DB.<br />
<br />
Will: Would there be any problem with a plugin in MIT Kerberos for SQLite?<br />
<br />
Tom: Plugin isn't a problem for MIT. Vendors might have an issue if we bundle SQLite with MIT Kerberos. Would make sources considerably larger (1MB of sources).<br />
<br />
Ken: Could choose to not build it on platforms where SQLite libraries already exist.<br />
<br />
Will: Sun uses SQLite in some components. Also just bought MySQL. Thinks Nico uses SQLite. Sun is interested in a more reliable and robust database backend than LDAP or Berkeley DB.<br />
<br />
Tom: Berkeley DB is well-tested and very mature. Unfortunately 4.4 BSD had the last incarnation of Berkeley DB under a license we could use so we are using an old version. MIT Kerberos will compile against more recent Berkeley DB versions.<br />
<br />
Ken: Tested Berkeley DB versions 3 and 4.<br />
<br />
Tom: No idea if anyone is using Kerberos with more recent versions of Berkeley DB. However given the interest in SQLite we should bring it up to the board and try to find resources.<br />
<br />
Will: My manager may want me to switch to working on SQLite plugin instead of the enctype migration work.<br />
<br />
Steve: How is our work going? Been working with Sun since October officially but seems like we aren't really getting to collaborate as much as we'd like.<br />
<br />
Will: Feel like I haven't gotten a chance to really work on the Consortium work due to hardware issues, holidays, illness, LDAP bugs, release requirements, etc. Everything else was high priority.<br />
<br />
Steve: That's understandable. Just want to flag that we've got a commitment from Sun for 6 months of 2 people at 25% time. Don't want to get into a state where we save all the work until the end and then don't have reasonable projects or deadlines. Even if this particular project isn't working we could use QA, testing infrastructure, new services (eg: OpenGrok), etc. <br />
<br />
Will: Need to talk to manager about this. <br />
<br />
Will: What is the project tracking system you are using?<br />
<br />
Steve: Daptiv PPM. Is MIT's project tracking system. Have getting Sun folks accounts as an action item. Should be easy if you have an MIT account.<br />
<br />
Will: Yes I have an MIT account. Do all board members get access to this?<br />
<br />
Steve: Any board members can get access to this, but I suspect most don't want that fine grained detail. However since you're working so closely with us it should be useful to you. <br />
<br />
Tom: Any other updates, issues, interesting developments?<br />
<br />
Alexis: CCAPI v2 needed for Windows. Working on it. Will delay other tasks by approximately a week.<br />
<br />
Kevin: Coverity Update. Have access to web site and downloaded their tool. Currently scanning krb5 sources and all other open source projects is done by one guy. Trying to move to a model where the open source projects run the tools themselves, upload dump files to an ftp site and he will run the proprietary tools on them and post results. Not currently automated, but working on that. Analysis takes approximately twice as long as a build.<br />
<br />
Tom: What are the tool requirements? OS?<br />
<br />
Kevin: Coverity wants to start with Linux first. Need to be able to protect access to the tool.<br />
<br />
Ken: Can we talk about results of the tool output? Can we publish our results?<br />
<br />
Steve: We should look at the license.<br />
<br />
Tom: Do we have licenses?<br />
<br />
Kevin: Haven't signed anything yet or received any formal notices. Will look for READMEs in tool tarball.<br />
<br />
Steve: Would it be easier to use commercial project?<br />
<br />
Kevin: Commercial product is expensive. Will investigate licensing of commercial product. Would get both pieces of the tool and not have to deal with Coverity.<br />
<br />
Ken: Will help Kevin with linux build.<br />
<br />
Steve: Has anyone looked at the user manual posted to comp.protocols.kerberos? <br />
<br />
Ken: Printed it but not read it. About 40 pages. There are similar guides out there but this is the most detailed yet.</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes&diff=173Release Meeting Minutes2008-02-04T22:33:10Z<p>Lxs: </p>
<hr />
<div>Public minutes of Kerberos Consortium Release Meetings arranged in reverse chronological order:<br />
<br />
==February 2008==<br />
[[Release Meeting Minutes/2008-02-04 |February 4, 2008 (2008-02-04)]]<br />
<br />
==January 2008==<br />
[[Release Meeting Minutes/2008-01-28 |January 28, 2008 (2008-01-28)]]<br />
<br />
[[Release Meeting Minutes/2008-01-07 |January 7, 2008 (2008-01-07)]]<br />
<br />
==December 2007==<br />
[[Release Meeting Minutes/2007-12-17|December 17, 2007 (2007-12-17)]]<br />
<br />
[[Release Meeting Minutes/2007-12-10|December 10, 2007 (2007-12-10)]]</div>Lxshttps://k5wiki.kerberos.org/wiki?title=Projects/KIM_UI_plugins&diff=132Projects/KIM UI plugins2008-01-22T16:35:20Z<p>Lxs: </p>
<hr />
<div>{{project-member}}<br />
<br />
Platform maintainers want to control the Kerberos UI on their platform. The [[Kerberos identity management API]] needs to interface with the platform specific UI code in order to ask for information from the user. This project proposes to create an interface between KIM and UI providers so that KIM can request user interaction.<br />
<br />
<br />
==Stability Requirement==<br />
<br />
In at least one case, the UI provider will be developed by a separate organization under disjoint time lines. For this to work, the interface needs to be very stable. Forward and backward compatibility between UI plugins and Kerberos will be required within a reasonably wide margin. <br />
<br />
==Questions to answer==<br />
<br />
===How many prompter callbacks===<br />
<br />
Today the prompter function is called multiple times in hardware preauth cases. We can probably get a commitment at a protocol level that it is an error for this to be needed. However our code architecture would need to change for KIM to be able to take advantage of that. What is involved in this change and can we commit to accomplishing it?<br />
<br />
==Hard Issues==<br />
<br />
This section should describe the hard issues that influence the design. Probably each bullet should be expanded into a subsection.<br />
<br />
* When do you ask about a password; not needed for pkinit<br />
* Localization and strings from KDC<br />
* Multiple prompts if we don't solve that<br />
<br />
==Paths not taken==<br />
<br />
There are some obvious ways to approach this design that we've chosen not to take. Explain why so others can debate these choices with us and understand our approach.<br />
<br />
* An API with calls like get me the credentials that returns credentials and has another API for identity selection<br />
<br />
<br />
==Functional requirements==<br />
<br />
What does this API need to do; how do we judge its success?<br />
<br />
What use cases do we need to support?<br />
<br />
<br />
==Design==<br />
<br />
===API functions===<br />
<br />
===Supporting library changes===<br />
<br />
===Testing Plan===<br />
<br />
* Provide tests for UI plugin providers to determine whether forward/backward compat is maintained?<br />
* Provide a test UI provider for some platform?</div>Lxs