
Re: [Nbd] Almost ready for release?



Wouter,

> On 8 Nov 2016, at 23:39, Wouter Verhelst <w@...112...> wrote:
> 
> Hi folks,
> 
> The STARTTLS implementation in nbd-server is almost ready. Still TODO:
> 
> - Interoperability testing against qemu (yes, yes, I said I'd do that
>  earlier, but hey)
> - Client certificate validation
> - Enforcing TLS1.2 by default
> - Allowing versions of GnuTLS older than 3.3

I think we should do at least the last of those prior to release
because it will stop nbd compiling on several distros otherwise.
The change is pretty simple I think - and even if it's not it's
already done for you in my proxy code. Not sure whether you are
suggesting the release should wait for that or not (as
"Other than that I think we're good" implies yes, "I think
it's time to release" implies no).

My preference would be to wait until the above are fixed (and
I need to apologise as I said I'd do qemu interop testing too and
didn't), but if not, we should at least fix the last and mark
TLS support as beta.

I have one bug filed against my proxy code (obscure error
handling issue) I have been procrastinating looking at. I will
copy that over if it needs fixing.

> Other than that, I think we're good.
> 
> Alex: I pulled the nbd-client and nbd-tester-client implementation from
> your 'add-tls-support' branch, and it seems to work well; at the very
> least, the current implementation passes the test suite. Man page
> updates have been written too. I've had to make a few small changes to
> make it work on current git HEAD, but most of it is pretty much
> unchanged from your code.

Yup. On the server side, there is still one reference to tls_dir
in the man page (whereas the remainder shows it has similar
parameters to the client). The man page also refers to client
certificate checking (which is correct - it just needs implementing
and testing).

> In total, there's 80 commits since 3.14 up to current master, a number
> of new features (multiple connections, STARTTLS, splice), and a few bug
> fixes.
> 
> I think it's time to release.

TLS bits aside, I agree, though
  https://github.com/NetworkBlockDevice/nbd/issues/35
is a bit annoying.

--
Alex Bligh



