SP 2.0: Metadata with EncryptionMethod elements fails to load

Scott Cantor cantor.2 at osu.edu
Tue Jan 20 20:08:42 UTC 2009

Russ Allbery wrote on 2009-01-20:
> The reason why they're separated is because Debian Policy requires that
> you be able to install multiple versions of a library with different
> SONAMEs at the same time. 

That's not unusual, but I'm not sure why this works without a complaint on
Red Hat. I've installed different versions of the libraries at the same
time, minus the development files which shouldn't be allowed anyway.

The schemas are in a netherworld between development and runtime, but
probably ought to be going in versioned directories if I was being strictly
correct about it. In practice, the schemas never get used expect by the SP
itself, so could be bundled into it alone, but that wasn't an assumption I
wanted to make at the time.

> This is somewhat irrelevant for Shibboleth since it doesn't make a great
> deal of sense to have multiple Shibboleth libraries installed at the same
> time, but it's one of those project-wide guarantee things.

That's why you might consider (as long as you're altering things) putting
all the schemas into one package tied to the SP and avoid all the little

The only actual "assumption" in the system about those catalog locations is
in the SP itself. If they weren't present, the libraries down below wouldn't
know that, and somebody who needed to package an application that was using
them could do the same thing you're doing. This wouldn't be much duplication
of effort because nobody validates anyway.

-- Scott

More information about the Pkg-shibboleth-devel mailing list