The Beta release criteria for rolekit were largely copied from the PRD
and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to
the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query
interface providing metadata information about the role (not all roles
must implement all parts of this, bold lines are mandatory): ... A
list of the ports that the role operates on, as well as data about
whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas
and I decided during development to defer that (because this information
is available through the firewalld API and firewall-cmd as well), but we
forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe
that this firewall status API is important enough to slip Beta. Because
there's no chance we will be able to implement this in time for
tonight's compose.
Proposal: The requirement to be able to list the role's related firewall
state is deferred to Fedora 22 and should be removed from the release
criteria.
I am +1. Please vote immediately, as we do not have much time.