[Proposal] Samba 3.2.0 to replace 3.0.22

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 11 00:57:39 GMT 2006

James Peach wrote:

> Ok, so some sites might already have files out there 
> with broken security descriptors.

They aren't broken right now.  The SIDs resolve correctly.
The proposed changes would move a group mapped via the RID
algorithm to a new domain so that there is no chance of
RID collisions between algorithmically mapped groups and
assigned RIDs (e.g. from a migrated domain).

So the new code does in fact fix much more than it

> When they upgrade to *any* version of Samba with Volker's 
> changes, this problem will be exposed, regardless of whether
> that version is 3.0.23 or 3.2. If you put out a 3.2 release
> and don't fix anything in the 3.0 series, the problem
> gets worse, since there will be more broken descriptors on
> files in the wild.
> Administrators need to be aware of the problem and they 
> need tools to detect and solve it. If this is a real problem,
> I don't think release management is the solution.

The tool would be an upgrade script that creates the static,
persistent mappings for currently unmapped groups.  This would
prevent the ACL I described previously from reporting unknown
SIDs after the upgrade.

The concern is that such a change is too much for a patch
release number.  However, if done correctly it could be
seamless.  It would require an extensive amount of testing
which we have had a hard time getting right lately.

Currently however, I'm more inclined to stick with a 3.0.x
release and make the effort to do extremely thorough testing.
I think that a 3.2 would hinder the new code getting out due
to distribution issues for vendors.  Logistically I'm having
a hard time wrapping my head around whether or not we (I) could
handle 3.0 and 3.2 branches.

James, from the viewpoint of a vendor and off the record,
how bad would 3.0 and 3.2 make your life?

cheers, jerry
