These questions are community-driven. I am also not the original questioner, I'm just posting them with permission. Thank you to the anonymous folks who helped gather this information.
Software Update Server related:
- This product is officially deprecated (which we all knew). It has no future, guaranteed.
- They were surprised, however, that the ability to set a custom CatalogURL as an argument to /usr/sbin/softwareupdate (client) disappeared at some point.
1. See github dot com / munki / munki / issues / 511 as an example of this issue.
2. They rely on that internally, obviously.
- This functionality should exist at all times; file a bug report at any point we don't see this happening (and maybe this something Munki can go back to using?)
- They weren't aware of Reposado, but I showed it to them and they like the idea. I asked if they had any plans to obstruct or otherwise change how it works in a way that would break this functionality, and they didn't seem to be cagey about it. Sounds like Software Update has no intended architectural changes in the future, so we likely don't have to worry about Reposado not working anytime soon, even if they officially deprecate SUS as a feature of Server.app.
- It still exists in a contextual menu in Server.app; it's just hidden in the UI.
File Sharing / Sharing server features related:
- Only one person knew that “/usr/bin/sharing” existed. That kinda explains why it's awful.
- FILE AN ENHANCEMENT REQUEST: Again, sharing has terrible output. File a request for a -plist output option (as well as a separate request for a -plist input option).
- “sharing” is now the only way to manage file sharing programmatically, and it is bad at it
- The inability to delete file shares in the System Preferences in 10.13b1 is a bug and fixed in seed 2
Profile related:
- They are actively working on making Profile Manager not require turning on OpenDirectory. Like, very soon.
- Combining profiles / profile compositing results in officially 'undefined' behavior; that is not expected to change any time soon.
- I told them about how com.apple.ScreenSaver profiles result in a broken / lying UI in the System Preferences and they were surprised; they hadn't heard that bug.
- FILE A BUG REPORT, obviously, but they took notes
- FILE AN ENHANCEMENT REQUEST: Gatekeeper for profiles, basically. The ability to restrict unsigned profiles from being installed; the ability to control which CAs are allowed to sign profiles and install them; etc.
- FILE AN ENHANCEMENT REQUEST: 802.1x profiles resulting in untrusted certificate chains.
Security (the CLI command) related:
- The new (lack of) trust behavior with the security command requiring user password input was a surprise to them;
- FILE AN ENHANCEMENT REQUEST: a command line argument to pass in user credentials as stdin, so it won't be stored in the process list.
See complete list of session and lab notes here: