Line 62: | Line 62: | ||
<!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. --> | <!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. --> | ||
Replace older, clunkier, less user-friendly python interfaces to Kerberos with python-gssapi. python-gssapi uses the GSSAPI interface, which is widely standardized, implemented by both MIT and Heimdal Kerberos, and much more user-friendly. | |||
TODO: requests | |||
== Benefit to Fedora == | == Benefit to Fedora == |
Revision as of 19:13, 14 November 2017
Kerberos in Python modernization
Summary
Replace usage of python-krbV and pykerberos with python-gssapi in all Fedora packages to enable their removal from Fedora.
Owner
- Name: Robbie Harwood
- Email: rharwood at fp dot o
- Release notes owner:
Current status
- Targeted release: Fedora 28
- Last updated: 2017-11-14
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Replace older, clunkier, less user-friendly python interfaces to Kerberos with python-gssapi. python-gssapi uses the GSSAPI interface, which is widely standardized, implemented by both MIT and Heimdal Kerberos, and much more user-friendly.
TODO: requests
Benefit to Fedora
python-krbV has no python3 support, so its replacement helps projects move to python3.
pykerberos is a very minimal implementation intended for use in calendar server and not intended for consumption by other applications. It has almost no documentation.
python-gssapi is substantially more maintainable than python-krbV and pykerberos, and uses the preferred interface to Kerberos (GSSAPI). Its upstream is active (i.e., not dead) and it is hosted in a reasonable way (its own repository on github) that is friendly to new contributors. The project runs PR CI on Fedora explicitly already.
Scope
- Proposal owners: rharwood (responsible for providing patches)
- Other developers: maintainers of affected packages are expected to perform code review
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
All dependency changes should be handled seamlessly by dnf without additional input from the user.
How To Test
The following should all produce no results:
dnf repoquery --whatrequires python-krbV
dnf repoquery --whatrequires python-kerberos
dnf repoquery --whatrequires python3-kerberos
TODO: requests?
User Experience
Change should not be noticeable, except to any users of the deprecated packages directly.
TODO: requests
Dependencies
python-krbV:
- beaker-client
- koji-web
- python2-koji
python2-kerberos:
- did
- offlineimap
- python2-nitrate
- python2-urllib2_kerberos
- waiverdb
TODO requests
python3-kerberos:
- (none)
TODO requests
Contingency Plan
- Contingency mechanism: Ship them. python-krbV removal is highest priority since no python3 support.
- Contingency deadline: Beta
- Blocks release? No
- Blocks product? No
Documentation
python-gssapi docs can be found here: https://pythonhosted.org/gssapi/