[openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse?

Thierry Carrez thierry at openstack.org
Wed Aug 14 17:06:48 UTC 2013

Adam Young wrote:
> On 08/13/2013 06:20 PM, Dolph Mathews wrote:
>> During today's project status meeting [1], the state of KDS was
>> discussed [2]. To quote ttx directly: "we've been bitten in the past
>> with late security-sensitive stuff" and "I'm a bit worried to ship
>> late code with such security implications as a KDS." I share the same
>> concern, especially considering the API only recently went up for
>> formal review [3], and the WIP implementation is still failing
>> smokestack [4].
> Since KDS is a security tightening in acase where there is no security
> at all, adding it in can only improve security.

It's not really a question of "more security" or "less security"... It's
about putting young sensitive code into a release, with the risk of
having to issue a lot of security advisories for early bugs.

I'm all for that code to land in the icehouse master branch as soon as
it opens and that it gets put into good use by projects throughout the
icehouse development cycle. I just think the benefits of waiting
outweigh the benefits of landing it now.

I explained why I prefer it to land in a few weeks rather than now...
Can someone explain why they prefer the reverse ? Why does it have to be
in havana ?

Thierry Carrez (ttx)

More information about the OpenStack-dev mailing list