Slapd 2.5.13 for Bullseye, 2nd thread

Stefan G. Weichinger lists at xunil.at
Thu Nov 17 10:07:36 GMT 2022 

Am 16.11.22 um 18:18 schrieb Ryan Tandy:
> On Wed, Nov 16, 2022 at 08:29:52AM +0100, Stefan G. Weichinger wrote:
>> So as far as I understand 2.5 will not become the default package in 
>> the main repository soon, but available in backports in the next weeks 
>> maybe? Is there any fixed date to wait for (I was asked by my customer)?
> 
> We don't make major changes to packages inside a Debian stable release. 
> OpenLDAP 2.5 will be included in "bookworm", the next stable release, 
> which will probably arrive later in 2023 [1].

I see.

> I don't have a date for when the backport will be available. Depends 
> when ftpmasters happen to review the queue. Usually within a few weeks.

Sounds good.

>> 2.4 should be safe for now, and until 2.5 gets available? (We use it 
>> internally only so far, that might be relevant security-wise)
> 
> FSVO "safe". We review new CVEs and fix them in stable if possible. 
> However other issues (non-security, or otherwise not warranting a CVE) 
> will probably not be fixed unless users specifically request them and 
> the fixes are harmless.

Understood.

>> To me it sounds best to wait for 2.5 in backports, do the upgrade, 
>> then go into production. Although 2.5 then still hasn't got much 
>> testing by debian users, so we might be kind of a test setup: my 
>> customer doesn't like that aspect.
> 
> Right, you will be an "early adopter" of changes going into the next 
> release. I should also note that backports do not have the same level of 
> support as Debian stable [2]. Except in very urgent cases, issues are 
> fixed in unstable and migrate from there to testing (automatically) and 
> then backports (manually), which can all take a which or more.

Yes. Basically I was told by an LDAP "guru" that he wouldn't even start 
consulting us if we run 2.4. I am not competent enough to be able to 
tell if that is reasonable or not, that's why I research upgrade paths etc

Feature-wise we won't need 2.5, I assume. It's more of a strategic 
decision: the productive LDAP there is way older, the new 
debian-slapd-servers should be designed to be kind of a LongTermSolution 
... so we don't want to start with a release that is out of support 
upstream.

Please don't get me wrong: I trust the way debian development works!

> If you require a 2.5 or 2.6 package with full support _today_, you might 
> want to look at the packages provided and supported by Symas: 
> https://repo.symas.com/soldap2.5/

Yes, thanks. Did my first upgrade tests with these packages yesterday.

I will check with my customer how we want to proceed.

thanks, Stefan

More information about the Pkg-openldap-devel mailing list