Hi all,
I've published a draft design for the profile update mechanism.
This feature is to ensure that we can safely update included
profiles even when we use Dogtag profile components only available
in new versions.
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism
Interested persons, please review the design. In particular there
are two main questions I would like to discuss:
1. We need to store the IPA version in IPA master entries. What
should be the schema?
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism#IPA_...
2. How should we deal with customised versions of included profiles?
There is a big tradeoff here, of complexity + flexibility vs.
simplicitity + reverting customisations to included profiles (and
preventing them in future).
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism#Deal...
Thanks,
Fraser