[Proposal] Samba 3.2.0 to replace 3.0.22

James Peach jpeach at samba.org
Thu Jan 5 22:12:19 GMT 2006 

On Fri, 2006-01-06 at 06:23 +1100, Andrew Bartlett wrote:
> On Thu, 2006-01-05 at 09:20 -0600, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > * jerry steps up to the mic
> > * tap, tap, tap
> > * "Is this thing on?"
> > 
> > I've been talking to Jeremy, Guenther, Volker, and some others
> > about the upcoming changes currently in trunk.  It seems that
> > the patch pressure is getting quite high for the SAMBA_3_0 tree.
> > If you haven't followed some of the discussion, here's some of
> > the relevant threads:
> > 
> > * [PATCH] kerberize pam_winbindd (work in progress)
> > http://lists.samba.org/archive/samba-technical/2005-November/043875.html
> > 
> > * "algorithmic rid base" bogus?
> > http://lists.samba.org/archive/samba-technical/2005-December/044491.html
> > 
> > * usershare acl parser?
> > http://lists.samba.org/archive/samba-technical/2005-December/044258.html
> > 
> > * [PATCH] Autogenerated DFS parser
> > http://lists.samba.org/archive/samba-technical/2005-October/043178.html

Which of these result in incompatible changes with 3.0.*?

> Does the cluster work also fall into this?

Interesting question :)

> > So the is major work in offline winbindd support, removing legacy
> > rid algorithm support, non-root user creation of shares for desktop
> > applications like KDE & Gnome, & backporting Samba 4's IDL upport.

So you are proposing to autogenerate more IDL interfaces than just DFS?

> > None of this is designed to compete or impeed Samba 4's development.
> > In many ways it moves us closer to Samba 4's view of the future and
> > is the product of continued, active development on Samba 3.0.x.
> > However, these changes are really too sweeping to place in a 3.0.22
> > or even a 3.0.30 release for that matter.

By "sweeping", do you mean "incompatible" or just "large"? I would say
that incompatible changes could be a good rationale for bumping the
minor version, but would have to be convinced otherwise.

In general, I strongly support anything that moves the Samba3 and Samba4
codebases closer.

> Personally, I would like to see some enhanced security defaults for
> Samba 3.2.  For example, a requirement for some form of integrity
> protection on winbindd connections (either smb signing, NTLMSSP or
> schannel pipes etc), and dropping of plaintext password support by
> default.

Sounds like a good thing.

> Also, if the Samba 3.2 thing is done, I would also like to see some more
> Samba4 code pulled back.  While pulling back GENSEC probably has too
> many knobs on (have you seen how many places the credentials system has
> it's little fingers in? :-), it would be good to see ldb pulled back.  
>
> > So the proposal on the table is to move to SAMBA_3_2.  I realize
> > the implications of this wrt to documentation, distributions,
> > and developer resources.  We would be looking at a turn around time
> > of a few months.  Hopefully by Samba XP, April 24, if not sooner.
> > I propose skipping any 3.1.x releases in spite of past discussions
> > due to the expected turnaround time and start with the 3.2.0preX
> > releases as soon as the SAMBA_3_2 branch is feature complete.

Frankly, I don't know whether SGI would ship a 3.0 release and a 3.2
release on IRIX/Origin. I can't speak for SuSE, but this would certainly
complicate my life supporting Samba on SLES/Altix if SuSE chose to ship
3.0 and 3.2 versions.

> > And we will continue with any necessary bug fix or security
> > releases for 3.0.x.  Bug fix releases being the 'letter' releases
> > (3.0.21b, etc, ...) and security fixes eating a minor version
> > number as usual.

Given we already have less testing coverage than we would like,
splitting our user community into 3.0 and 3.2 is a difficult decision.
For how long would we support 3.0.*? 

> This is the big cost, but perhaps we would have that anyway.  We have
> been fortunate in that we have not had security issues since doing
> 3.0.20, but I suspect that we would all feel a bit bad leaving anybody
> on < 3.0.20 high and dry in the case of a security issue.  So perhaps it
> isn't a massive amount more work anyway.  It depends how many 'bug
> fixes' folks are tempted/demanded to spend their time on.
> 
> > * jerry opens the floor for discussion
> 
> It is really up to the Samba3 maintainers, but I certainly understand
> the reluctance to change the behaviours radically in the 3.0 series.  

I don't see any problem in changing behaviours radically within the 3.0
series, provided it is done in a compatible way. If this is not
possible, then I'll come around to the 3.2 view.

-- 
James Peach | jpeach at samba.org

More information about the samba-technical mailing list