Re: [Pki-devel] replication of new/modified profiles
On 7/2/2014 4:42 PM, Christina Fu wrote:
IMHO, I think #3 is way too complicated. Complication invites
issues
and confuse people.
Could we step back and try something simpler? When you copy the content
of one profile and modify it to create a new one, then it's a new
profile standing on its own. Why the parent-child relationship and
all? Seems like an administrator's nightmare. Maybe I missed out on the
irc discussion, but could you please give us a summary of the benefit
and how the benefit weights against development time and administration
maintenance, and support effort in the future on our end?
Proposal #3 can be simplified into #3(a) without profile inheritance.
Here we'll support just the file-based system profile, proxy LDAP
profile, and custom LDAP profile. For immediate purposes this should be
sufficient.
Profile inheritance is an idea that just came up after the IRC
discussion. It would take a whole separate design page to see how it
works, the potential benefits, and the impact on us. We don't have to
implement this now, but later if we determine that it is useful, we can
implement #3(b) with profile inheritance without changing the schema or
the existing data.
Anyway, I hope you will consider what I said in my earlier response.
I
thought our goal was to provide a "centralized collection of profiles"
to ease administration effort. I hope we achieve simplicity rather than
create complication. It's just my personal preference.
Not disagreeing with that. Simplicity is always a goal, but sometimes
the proper solution cannot be the simplest one.
--
Endi S. Dewata