Handling of postponed/abandoned efforts
by Petr Vobornik
Hi all,
you could see that I and Christian closed some old postponed PRs.
I was thinking how to keep track of such closed efforts in case we
would like to return to some.
An Idea I have is a postponed page on FreeIPA wiki.
https://www.freeipa.org/page/Postponed
Which is also added to Roadmap to be discoverable:
https://www.freeipa.org/page/Roadmap
I'm not sure with one thing. Usually, we close pr with rejected label.
But if we close postponed PR with only "we don't have time" reason, we
might want to keep postponed label there so that it can be easily
found (query: is:pr is:closed label:postponed ).
Do you see value in the page or the practice?
Thank you
--
Petr Vobornik
6 years, 2 months
Discussion: Removing special characters from host-add random one-time-password generation
by John Larson
I recently experienced an issue where special characters in the "ipa
host-add" operation were interpreted by bash in an unattended provisioning
script. In checking the log after the provisioning failure, I saw the
password was considered incorrect by the server.
I never had this issue before 4.5.0 was released because prior to that, a
smaller subset of special characters were allowed and any special character
that needed to be escaped was removed. Upon further inspection, I
discovered that the script I was using to provision my servers did not have
the password quoted properly. I was able to modify that and the issue was
resloved.
Would it be better to exclude all special characters in the random password
generation for host-add moving forward? When the special character set was
expanded in 4.5.0, this could cause issues for people who were operating
under the assumption that troublesome special characters were excluded.
Here are some references for consideration.
This is the original bug and the fix from 2012. This "fix" was removed in
4.5.0 and all special characters are now valid:
https://bugzilla.redhat.com/show_bug.cgi?id=827392
Here is my pull request that will remove special characters from random OTP
generation moving forward:
https://github.com/freeipa/freeipa/pull/1505
Do you think it should be left to the user to properly quote variables or
remove the possibility of the issue by removing special characters for the
the host-add operation? Do you think that, since the whole array of special
characters was opened up in 4.5.0, that this can be perceived as a
"regression"?
Thanks for your time,
John Larson
6 years, 2 months