[Pkg-openldap-devel] Post-etch OpenLDAP work

Steve Langasek vorlon at debian.org
Mon Mar 5 09:53:07 CET 2007 

Hi Russ,

On Sat, Mar 03, 2007 at 11:23:01PM -0800, Russ Allbery wrote:
> I want to throw this out to the whole group to get reactions, and also to
> update you on where things stand for remerging the library and slapd
> packages.

> First, the work to make GnuTLS a fully supported SSL option is underway.
> It will result in both new OpenLDAP and new GnuTLS releases, mostly
> likely.  It should be complete by the lenny release, at which point my
> hope is that we can provide library and slapd packages built against
> GnuTLS for lenny.

Very much looking forward to it... :)

> I don't know whether it would be worth trying to figure out how to provide
> packages built against OpenSSL at the same time or not.  My guess is that
> the OpenSSL support will continue to be more mature for at least some
> time, which means that large sites with heavy loads may wish to use it.
> Given how interlinked everything is with the libraries, and given the
> existance of LDAP NSS modules, it's difficult to get this right.

Yeah, I can't imagine it being worth the effort of maintaining two versions
of the slapd package officially.

> Right now, Quanah's maintaining his own build, which is very heavily
> tested under a huge production load.  We have multiple testing
> environments here at Stanford to use to validate LDAP builds and a variety
> of clients and stress tests that we throw at LDAP.  I would really like to
> see the OpenLDAP slapd that Debian ships be the same or as close to the
> same as possible as slapd that we're running in production here, with the
> caveat that they'll always diverge around Debian release freezes and then
> converge again afterwards.

I certainly like the idea of having the Debian packages correspond to
something that's being exercised at a large installation.  These days all I
have to work with myself is a test setup, which is no promise at all that
the packages will be useful to people in production.

> What I'd like to propose is that we branch the repository and that we
> (mostly Quanah, but other people in my group may also contribute) develop
> our packages on a branch.  This lets the people working on the initial cut
> of packages not have to serve two masters and aim first at getting
> something put together that we're willing to run in production and that
> meets our local requirements.

Yes, that seems fair.  Will this branch use the current Debian packaging as
a starting point?

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the Pkg-openldap-devel mailing list