[38750] in Kerberos
Re: Replacing master/slave terminology
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 10 17:06:25 2020
To: Nate Coraor <nate@bx.psu.edu>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <e8859ebf-fc22-b5d3-4e7d-cde01f109ba5@mit.edu>
Date: Wed, 10 Jun 2020 17:03:44 -0400
MIME-Version: 1.0
In-Reply-To: <CALT861FQ69MShuh5ufGZStUj5OiY4rTYVLOX4WragG6j=6n7eg@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 6/10/20 3:48 PM, Nate Coraor wrote:
> I'd like to propose that an effort be made to replace master/slave
> terminology in MIT and Heimdal implementations at some future milestone.
MIT krb5 switched to using "replica" for non-primary KDCs as of release
1.17. This was an easy change technically, as the old term was only
used in a user-visible way in documentation and in the name of one
profile relation. The pull request for that change was here:
https://github.com/krb5/krb5/pull/851
Replacing the term "master" is a larger technical challenge. We use
that term in a DNS SRV record label (_master_kdc), and migrating that
would come with a cost in network traffic and latency. Aside from the
kprop architecture, we also use the term "master key" to describe the
key used to encrypt long-term keys in the KDC database.
I have rationalized to myself that the term "master" is the less
problematic of the two terms, as it is used in a lot of different
contexts (such as physical master keys, martial arts masters, master
plumbers, and master recordings of records). But I don't know if that
rationalization is adequate; from recent discussion I know that git's
use of "master" for the initial default branch name has become a point
of contention.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
