The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.
Copy the source to a new page before making changes! DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.
Kerberos in Python modernization
Summary
Replace usage of python-krbV and pykerberos with python-gssapi in all Fedora packages to enable their removal from Fedora.
Owner
- Name: Robbie Harwood
- Email: rharwood at fp dot o
- Release notes owner:
Current status
- Targeted release: Fedora 28
- Last updated: 2017-11-14
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Replace older, clunkier, less user-friendly python interfaces to Kerberos with python-gssapi. python-gssapi uses the GSSAPI interface, which is widely standardized, implemented by both MIT and Heimdal Kerberos, and much more user-friendly.
TODO: requests
Benefit to Fedora
python-krbV has no python3 support, so its replacement helps projects move to python3.
pykerberos is a very minimal implementation intended for use in calendar server and not intended for consumption by other applications. It has almost no documentation.
python-gssapi is substantially more maintainable than python-krbV and pykerberos, and uses the preferred interface to Kerberos (GSSAPI). Its upstream is active (i.e., not dead) and it is hosted in a reasonable way (its own repository on github) that is friendly to new contributors. The project runs PR CI on Fedora explicitly already.
Scope
- Proposal owners: rharwood (responsible for providing patches)
- Other developers: maintainers of affected packages are expected to perform code review
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
All dependency changes should be handled seamlessly by dnf without additional input from the user.
How To Test
The following should all produce no results:
dnf repoquery --whatrequires python-krbV
dnf repoquery --whatrequires python-kerberos
dnf repoquery --whatrequires python3-kerberos
TODO: requests?
User Experience
Change should not be noticeable, except to any users of the deprecated packages directly.
TODO: requests
Dependencies
python-krbV:
- beaker-client
- koji-web
- python2-koji
python2-kerberos:
- did
- offlineimap
- python2-nitrate
- python2-urllib2_kerberos
- waiverdb
TODO requests
python3-kerberos:
- (none)
TODO requests
Contingency Plan
- Contingency mechanism: Ship them. python-krbV removal is highest priority since no python3 support.
- Contingency deadline: Beta
- Blocks release? No
- Blocks product? No
Documentation
python-gssapi docs can be found here: https://pythonhosted.org/gssapi/