[Opendnssec-develop] Fwd: [Opendnssec-maintainers] supported sqlite3 version
Jerry Lundström
jerry at opendnssec.org
Wed Apr 10 18:25:15 UTC 2013
Did we not discuss having mysql as primary db? That would solve all issues
with dists not having the right sqlite version.
/Jerry
Begin forwarded message:
*From:* Paul Wouters <pwouters at redhat.com>
*Date:* 10 april 2013 20:17:40 CEST
*To:* opendnssec-maintainers at lists.opendnssec.org
*Subject:* *Re: [Opendnssec-maintainers] supported sqlite3 version*
On 04/10/2013 08:16 AM, John Dickinson wrote:
The OpenDNSSEC developers would like your input on the impact of changing
the required version of sqlite3 in future releases of OpenDNSSEC (v1.3,
v1.4 and v2). Currently the enforcer checks for at least sqlite3 >= 3.3.9
which is very old.
We would like to raise this requirement to sqlite3 >= 3.7.0 as this would
allow us to:
1. Enforce foreign key constraints. http://www.sqlite.org/foreignkeys.html
2. Make use of the WAL to better handle locking issues.
http://www.sqlite.org/wal.html
Impact of this change:
RHEL and derivatives ship with 3.6.20
Ubuntu 10.04 LTS ships with 3.6.22
Users of these OS's would need to install/upgrade sqlite3. Users on recent
*BSD or Solaris 11 should be OK.
That is a nightmare because you'd have to create an sqlite36 package or an
sqlite37 package that installs in a non-default location to avoid affecting
other software that cannot use 3.7 due to possible API changes. It will not
be possible to ship such a version of opendnssec in EPEL-6 as we currently
do.
I would recommend waiting for RHEL and ubuntu LTS to be upgraded before
demanding this switch. RHEL-7 will have sqlite 3.7.x.
Related, opendnssec won't be able to get into RHEL-6 properly (as opposed
to being in EPEL-6) as long as it uses a non-approved/non-certified crypto
library (botan). The only allowed crypto libraries are nss, openssl and
libgcrypt.
Paul
_______________________________________________
Opendnssec-maintainers mailing list
Opendnssec-maintainers at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130410/561e6752/attachment.htm>
More information about the Opendnssec-develop
mailing list