[Pkg-openldap-devel] Upload OpenLDAP 2.3 to the archive.
Quanah Gibson-Mount
quanah at stanford.edu
Fri May 12 18:00:17 UTC 2006
--On Friday, May 12, 2006 7:50 PM +0200 Matthijs Mohlmann
<matthijs at cacholong.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Quanah Gibson-Mount wrote:
>>
>>
>> --On Friday, May 12, 2006 10:02 AM +0200 Matthijs Mohlmann
>> <matthijs at cacholong.nl> wrote:
>>
>>> Hi,
>>>
>>> I think OpenLDAP 2.3 is ready to go into the Debian archive, I've tested
>>> the following things with succes:
>>>
>>> - Initial installation of openldap 2.3.
>>> - Upgrade from OpenLDAP 2.2 with the BDB backend to OpenLDAP 2.3 works.
>>> - Upgrade from OpenLDAP 2.2 with the LDBM backend to OpenLDAP 2.3 with
>>> the BDB backend.
>>> When the user disagrees with the upgrade from LDBM to BDB, then the
>>> installation will break with 'exit 1'. And if the user agrees it
>>> upgrades nicely to the BDB backend.
>>> - Removal of slapd works. (Tested it pretty often ;))
>>
>> Very cool.
>>
>> OpenLDAP 2.3.22 is supposed to come out in the next day or two, if you
>> want to wait on it. A current list of bugs fixed since 2.3.21 can be
>> found at:
>>
>> <http://www.openldap.org/devel/cvsweb.cgi/~checkout~/Attic/CHANGES?rev=1
>> .5.8.208&hideattic=1&sortbydate=0>
>>
>
> We have currently 2.3.20 in the svn repository, which is listed as
> stable on the website, comments on that ?
<http://www.openldap.org/faq/data/cache/226.html>
Particularly, the last sentence. All that stable indicates is that it was
better than previous releases, and makes no claims as to its worthiness
about subsequent releases. And of course all the bugs fixed since the
current stable release are still present in it.
I have a few reasons I'd wait for 2.3.22:
(a) back-config doesn't properly honor ACL's in all cases in < 2.3.22,
which means people could inadvertently expose their data
(b) There's a security exploit if someone runs "make test", particularly if
they run it as root, that will be closed out with 2.3.22.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
More information about the Pkg-openldap-devel
mailing list