Comment 7 for bug 1905790

Robie Basak (racb) wrote : Re: [Bug 1905790] Re: Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support for p11_child

On Wed, Dec 02, 2020 at 03:29:43AM -0000, Marco Trevisan (Treviño) wrote:
> Soo... Given we prefer to stay conservative and not change SSSD crypto

I didn't say that!

> backend fully (to be clear, I would have preferred it to follow
> upstream, not to provide a solution that will change in next LTS no
> matter what, and avoid having "frankensteins", but wasn't a strong
> requirement for me) I've been exploring ways to get only the component
> we care about (p11_child) to use p11-kit and openssl.

This is certainly a valuable angle to look at - thanks!

> Robie, this would be a better SRU approach?

I think you misunderstand me. I'm not saying that your upload *has* to
be narrow. I've not formed an opinion on that yet. What I'm saying is that
whatever size of scope you choose, there must be a regression analysis
that covers that scope.

If you take a wide scope, then I expect a regression analysis to cover
what I feel are the obvious possible implications of that change. By
nature of it being wider, the regression analysis can be expected to be
more work, of course. Because a wider scope generally correlates with
increased regression risk, I'd also expect a justification of why the
narrow scope is less desirable. But the analysis is still necessary and
must not be skipped.

If you take a narrow scope, then that's correlated with lower regression
risk, and because a regression analysis would be narrower in scope to
match, it might well be less work.

I appreciate that sometimes it's harder or riskier to narrow the scope,
so I'm still open to widening the scope - *if* there is an appropriate
justification *and* full regression analysis of that wider scope
provided.