Release Meeting Minutes/2014-09-30
Will Fiveash, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
GSS_S_DEFECTIVE_TOKEN issue? [krbdev.mit.edu #7232]? Probably IAKERB related.
Red Hat people gave up on the port 4444 thing for now.
Maybe IAKERB shouldn't be on the default list of mechs? It can lead to confusing user experiences.
- Environment variable to control mech list?
- No "secure context" APIs for GSS.
- Secure getenv? [ Linux-only ]
- krb5-1.13-beta1 Friday. Expect final release around the 15th.
There was a request to have directory entries sorted when doing profile directory inclusion. It would be a behavior change, but it's arguably a bug. Can probably go into a 1.13 patch, but not back ported because it would introduce a dependency on glob().
For Projects/Replay_cache_improvements, we could consider making small short-term improvements to the existing implementation to reduce the incidence of corruption, prior to designing a replacement.
Simo will ask the KITTEN WG about why the Suite B enctypes counterintuitively pair AES128-SHA256 and AES256-SHA384.