SP release before March 2020?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

SP release before March 2020?

Etienne Dysli Metref
Happy new year everyone! :)

I've heard there might be a SP release coming this year and I wanted to
make you aware of the freeze date for the next Ubuntu LTS (20.04) so
that this new SP version can, if ready, be included in the next Ubuntu
distribution.

According to Ubuntu 20.04 "Focal Fossa"'s release schedule [1], the
feature freeze and Debian import freeze deadlines are on 2020-02-27.
Anything that is in *Debian unstable* can be synced to Ubuntu up to that
date. So, if you're planning a SP release before March 2020, it would be
nice to give us package maintainers a little bit of buffer before
Ubuntu's freeze deadline so that we can prepare and upload the SP
packages to Debian unstable, then request a sync to Ubuntu. Idem for
libraries upon which the SP depends and that you also maintain, like
Xerces-C.

If no SP release is planned that soon, then don't bother, Focal Fossa
will live on with the current SP version (3.0.4). [2]

Cheers,
  Etienne

[1] https://wiki.ubuntu.com/FocalFossa/ReleaseSchedule
[2] https://packages.ubuntu.com/source/focal/shibboleth-sp


--
To unsubscribe from this list send an email to [hidden email]

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Alan Buxey
hi,

not sure - but if someone can give me edit rights I'll update https://wiki.shibboleth.net/confluence/pages/viewpage.action?spaceKey=DEV&title=SPRoadmap to be fresher than it is

alan


--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Ian Young-3
In reply to this post by Etienne Dysli Metref


On 2020-01-06, at 09:12, Etienne Dysli Metref <[hidden email]> wrote:

I've heard there might be a SP release coming this year and I wanted to
make you aware of the freeze date for the next Ubuntu LTS (20.04) so
that this new SP version can, if ready, be included in the next Ubuntu
distribution.

The project roadmap is here:


You can see that we have no planned feature release for the SP (the focus is very much on shipping IdP v4 at the moment), so Scott can correct me but I think you're safe in assuming that there won't be one before 2020-02-27. Of course, there might be a patch release if a security issue arises.


Idem for libraries upon which the SP depends and that you also maintain, like
Xerces-C.

I don't think we have anything planned for that either (for the systems where we supply our own version).

I assume it doesn't have its own roadmap section because we only care about it as a part of the SP.


    -- Ian





--
To unsubscribe from this list send an email to [hidden email]

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Ian Young-3
In reply to this post by Alan Buxey


On 2020-01-06, at 10:15, Alan Buxey <[hidden email]> wrote:

not sure - but if someone can give me edit rights I'll update https://wiki.shibboleth.net/confluence/pages/viewpage.action?spaceKey=DEV&title=SPRoadmap to be fresher than it is

I'd take you up on that except that I think the DEV SPRoadmap page has really been superseded by the V3 SP's own release notes page. As a record of previous releases, it's a curious thing to have in a "roadmap" anyway, so keeping it updated seems like extra work for no benefit.

I have changed "SPRoadmap" to indicate this; there's a case to be made for shunting that content over into the V2 space, or removing it entirely.

    -- Ian


--
To unsubscribe from this list send an email to [hidden email]

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Alan Buxey
hi,

I'd take you up on that except that I think the DEV SPRoadmap page has really been superseded by the V3 SP's own release notes page. As a record of previous releases, it's a curious thing to have in a "roadmap" anyway, so keeping it updated seems like extra work for no benefit.

I have changed "SPRoadmap" to indicate this; there's a case to be made for shunting that content over into the V2 space, or removing it entirely.


fair enough, that makes sense (my main concern was it saying current supported production version was 2.6.0 )
as you say, its not a roadmap, its a version release history - but it was the first hit when looking for the SP roadmap :-) )

alan
 


--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Cantor, Scott E.
In reply to this post by Etienne Dysli Metref
The SP update won't make that deadline, but the critical bug fix for the race condition in the new cookie session code really should get into that release if possible, and that's just a patch to xmltooling I already committed, so I'll see what I can do about at least tagging that library update, even if I don't package it myself yet.

The next big source of uncertainty is OpenSSL 3.0.0, which isn't due until Q4 at the earliest.

It would be tremendously unfortunate if Debian decides to force everybody to move to that prematurely like they did with OpenSSL 1.1 last time, and I can promise I won't take it well if they do, so anything we can do to communicate that would be a good thing. I do not expect the move to 3.0.0 to be smooth and it's quite possible it won't even be viable if they break the low level APIs I have to use to get control of the TLS layer in libcurl.

-- Scott


--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Ian Young-3

On 2020-01-06, at 13:02, Cantor, Scott <[hidden email]> wrote:

It would be tremendously unfortunate if Debian decides to force everybody to move to that prematurely like they did with OpenSSL 1.1 last time, and I can promise I won't take it well if they do, so anything we can do to communicate that would be a good thing. I do not expect the move to 3.0.0 to be smooth and it's quite possible it won't even be viable if they break the low level APIs I have to use to get control of the TLS layer in libcurl.

I'd assume that isn't something that could happen in Debian until Debian 11 (Bullseye), so something like mid-2021? Similarly with the Ubuntu LTS being locked in now it's 2022 before the next one.

Not saying we don't have a potential problem there --- the world being what it is, we probably do --- just trying to get my head around potential timing.

    -- Ian





--
To unsubscribe from this list send an email to [hidden email]

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Ian Young-3
In reply to this post by Alan Buxey

On 2020-01-06, at 12:13, Alan Buxey <[hidden email]> wrote:

my main concern was it saying current supported production version was 2.6.0

Yeah, thanks for picking that up.

    -- Ian





--
To unsubscribe from this list send an email to [hidden email]

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Cantor, Scott E.
In reply to this post by Ian Young-3
On 1/6/20, 8:34 AM, "dev on behalf of Ian Young" <[hidden email] on behalf of [hidden email]> wrote:

> I'd assume that isn't something that could happen in Debian until Debian 11 (Bullseye), so something like mid-2021?
> Similarly with the Ubuntu LTS being locked in now it's 2022 before the next one.

Yes, and mid-2021 would very probably be a non-starter for me, though I guess it's possible we may be able to pull in other resources to do the work, assuming it's even possible. The back channel may be limited message signing at that point, which has been the general trend we're headed for.

-- Scott


--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Etienne Dysli Metref
In reply to this post by Cantor, Scott E.
On 06/01/2020 14.02, Cantor, Scott wrote:
> The SP update won't make that deadline, but the critical bug fix for
> the race condition in the new cookie session code really should get
> into that release if possible, and that's just a patch to xmltooling
> I already committed, so I'll see what I can do about at least tagging
> that library update, even if I don't package it myself yet.
Just to make sure I understand correctly: Would that be just a
xmltooling release then?
A critical bug fix may be possible to push through to an
already-released distribution, but from my limited experience only
security patches make it.

> The next big source of uncertainty is OpenSSL 3.0.0, which isn't due
> until Q4 at the earliest.

If Debian starts their freeze for Bullseye around the beginning of 2021
(no dates announced yet, just guessing from past releases), then I doubt
this OpenSSL 3.0.0 will make it...

  Etienne


--
To unsubscribe from this list send an email to [hidden email]

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SP release before March 2020?

Cantor, Scott E.
On 1/6/20, 10:20 AM, "dev on behalf of Etienne Dysli Metref" <[hidden email] on behalf of [hidden email]> wrote:

> Just to make sure I understand correctly: Would that be just a
> xmltooling release then?

Yes.

-- Scott



--
To unsubscribe from this list send an email to [hidden email]