Updating <Rule> in shibboleth2.xml (was: Shibboleth 2.x packages updated in unstable)

[Scott Cantor]

Russ Allbery wrote on 2009-09-15:
> We could try to do a dynamic update, but we'd need to be sure we only
> changed the correct <Rule> tags, which means that the update script would
> need to be XML-aware so that it only got the ones in the right context to
> solve the general problem.  Definitely possible, but it would take more
> than a few minutes thought to figure out the best way to do it.

I would suggest leaving that to the deployer. If I had an "easy" way to fix
it, I might have included one, but it's not trivial.

> I suppose if people never changed the defaults, we could do something
> simpler.

No, they don't, but guaranteeing that isn't so easy.

>> I don't know, how long Scott wants to support the legacy syntax. If it's
>> expected to be dropped soon (before squeeze freezes), then we should
>> take some more steps to avoid breaking upgrades.

It will be supported for the lifetime of the 2.x series. Our compatibility
policy guarantees 100% backward-compatibility within a major version.

I can't tell you if/when a 3.x SP will appear, but it's not likely soon.
What would happen in its place is a new config plugin to the existing 2.x
SP, but it wouldn't prevent the original stuff from working.

> That's a good question.  If it's going to be around for a bit, then I'm
> inclined to just leave the note in NEWS.Debian and let people manually
> change their configurations when they get around to it.

Note this:
https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationChanges

-- Scott