Although PKI 9 is no longer supported in the current Fedora releases, it is still actively used on RHEL/CentOS 6. Currently the changes for RHEL/CentOS are only stored as patch files in RHEL package repository, they are not merged upstream, so right now the upstream DOGTAG_9_0_BRANCH is outdated and fails to build on RHEL/CentOS 6 which should have been the primary target platform.
Ideally these patches should be merged upstream so the upstream and RHEL branches are synchronized. When an issue is found on PKI 9 it would be much easier to investigate the issue and develop the fix on upstream branch rather than using patch files. If the branches are fully synchronized, it would be much easier to backport the patches, reducing maintenance burden.
I agree and disagree with some of the points in the description above:
DOGTAG_9_0_RHEL_BRANCH is the currently maintained downstream branch for Dogtag 9 changes that need to be applied to support the packages used by FreeIPA in RHEL 6. Although it contains the full source code of the entire PKI project, only select portions are updated and maintained on this branch.
DOGTAG_9_0_RHEL_BRANCH is the ONLY branch used to support RHEL 6; DOGTAG_9_0_BRANCH was NEVER intended to support RHEL 6.
DOGTAG_9_0_BRANCH was last used in Fedora 17, and was abandoned when this version of Fedora reached its EOL.
However, as stated above, the DOGTAG_9_0_BRANCH would be the proper upstream branch for CentOS 6 (COPR Builds). As such, I would agree that the DOGTAG_9_0_BRANCH should contain all code changes that the DOGTAG_9_0_RHEL_BRANCH contains.
However, it is my contention that the DOGTAG_9_0_RHEL_BRANCH should not necessarily contain all changes that are present in the DOGTAG_9_0_BRANCH. For example, if upstream development continues for CentOS 6 on the DOGTAG_9_0_BRANCH, it is not necessarily true that all of these changes would be applied as patches to the DOGTAG_9_0_RHEL_BRANCH. I would further contend that making the two branches identical serves no purpose other than porting "patches" easier between the two branches, and will almost certainly cause a problem in the patch model required for RHEL updates as the tarball is fixed source with patches applied on top of it, and therefore patches created from source code that may be polluted with upstream code would not apply cleanly to RHEL updates intended for errata purposes.
Metadata Update from @edewata: - Issue set to the milestone: 9.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2393
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.