<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Did we not discuss having mysql as primary db? That would solve all issues with dists not having the right sqlite version.<br>
<br>/Jerry</div><div><br>Begin forwarded message:<br><br></div><blockquote type="cite"><div><b>From:</b> Paul Wouters <<a href="mailto:pwouters@redhat.com">pwouters@redhat.com</a>><br><b>Date:</b> 10 april 2013 20:17:40 CEST<br>
<b>To:</b> <a href="mailto:opendnssec-maintainers@lists.opendnssec.org">opendnssec-maintainers@lists.opendnssec.org</a><br><b>Subject:</b> <b>Re: [Opendnssec-maintainers] supported sqlite3 version</b><br><br></div></blockquote>
<blockquote type="cite"><div><span>On 04/10/2013 08:16 AM, John Dickinson wrote:</span><br><span></span><br><blockquote type="cite"><span>The OpenDNSSEC developers would like your input on the impact of changing the required version of sqlite3 in future releases of OpenDNSSEC (v1.3, v1.4 and v2). Currently the enforcer checks for at least sqlite3 >= 3.3.9 which is very old.</span><br>
</blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>We would like to raise this requirement to sqlite3 >= 3.7.0 as this would allow us to:</span><br></blockquote><blockquote type="cite">
<span>1. Enforce foreign key constraints. <a href="http://www.sqlite.org/foreignkeys.html">http://www.sqlite.org/foreignkeys.html</a></span><br></blockquote><blockquote type="cite"><span>2. Make use of the WAL to better handle locking issues. <a href="http://www.sqlite.org/wal.html">http://www.sqlite.org/wal.html</a></span><br>
</blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Impact of this change:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<span>RHEL and derivatives ship with 3.6.20</span><br></blockquote><blockquote type="cite"><span>Ubuntu 10.04 LTS ships with 3.6.22</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<span>Users of these OS's would need to install/upgrade sqlite3. Users on recent *BSD or Solaris 11 should be OK.</span><br></blockquote><span></span><br><span>That is a nightmare because you'd have to create an sqlite36 package or an sqlite37 package that installs in a non-default location to avoid affecting other software that cannot use 3.7 due to possible API changes. It will not be possible to ship such a version of opendnssec in EPEL-6 as we currently do.</span><br>
<span></span><br><span>I would recommend waiting for RHEL and ubuntu LTS to be upgraded before demanding this switch. RHEL-7 will have sqlite 3.7.x.</span><br><span></span><br><span>Related, opendnssec won't be able to get into RHEL-6 properly (as opposed to being in EPEL-6) as long as it uses a non-approved/non-certified crypto library (botan). The only allowed crypto libraries are nss, openssl and libgcrypt.</span><br>
<span></span><br><span>Paul</span><br><span></span><br><span>_______________________________________________</span><br><span>Opendnssec-maintainers mailing list</span><br><span><a href="mailto:Opendnssec-maintainers@lists.opendnssec.org">Opendnssec-maintainers@lists.opendnssec.org</a></span><br>
<span><a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers">https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers</a></span><br></div></blockquote></body></html>