[Proposal] Samba 3.2.0 to replace 3.0.22
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 11 00:57:39 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
James Peach wrote:
> Ok, so some sites might already have files out there
> with broken security descriptors.
They aren't broken right now. The SIDs resolve correctly.
The proposed changes would move a group mapped via the RID
algorithm to a new domain so that there is no chance of
RID collisions between algorithimcally mapped groups and
assigned RIDs (e.g. from a migrated domain).
So the new code does in fact fix much more than it
breaks.
> When they upgrade to *any* version of Samba with Volker's
> changes, this problem will be exposed, regardless of whether
> that version is 3.0.23 or 3.2. If you put out a 3.2 release
> and don't fix anything in the 3.0 series, the problem
> gets worse, since there will be more broken descriptors on
> files in the wild.
>
> Administrators need to be aware of the problem and they
> need tools to detect and solve it. If this is a real problem,
> I don't think release management is the solution.
The tool would be an upgrade script that creates the static,
persistent mappings for currently unmapped groups. This would
prevent the ACL I described previously from reporting unknown
SIDs after the upgrade.
The concern is that such as change is too much for a patch
release number. However, if done correctly it could be
seemless. It would require an extensive amount of testing
which we have had a hard time getting right lately.
Currently however, I'm more inclined to stick with a 3.0.x
release and make the effort to do extremely thorough testing.
I think that a 3.2 would hinder the new code getting out due
to distribution issues for vendors. Logistically I'm having
a hard time wrapping my head around whether or not we (I) could
handle 3.0 and 3.2 branches.
James, from the viewpoint of a vendor and off the record,
how bad would 3.0 and 3.2 make your life?
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDxFgCIR7qMdg1EfYRAhA7AJ414gZ4Oqhg5TIUk3dxMBdA7EGHLACg8W4e
QlxUsQLLIlhgppCO2i/0pZk=
=4Md0
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list