[openstack-dev] Please do NOT use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)

Mark Washenberger mark.washenberger at markwash.net
Fri Sep 19 19:22:15 UTC 2014

Previous message: [openstack-dev] Please do *NOT* use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)
Next message: [openstack-dev] Please do *NOT* use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 19, 2014 at 11:26 AM, Chmouel Boudjnah <chmouel at enovance.com>
wrote:

>
> On Fri, Sep 19, 2014 at 6:58 PM, Donald Stufft <donald at stufft.io> wrote:
>
>> So you can remove all that code and just let requests/urllib3 handle it
>> on 3.2+, 2.7.9+ and for anything less than that either use conditional
>> dependencies to have glance client depend on pyOpenSSL, ndg-httpsclient,
>> and pyasn1 on Python 2.x, or let them be optional and if people want to
>> disable TLS compression in those versions they can install those versions
>> themselves.
>
>
>
> we have that issue as well for swiftclient, see the great write-up from
> stuart here :
>
> https://answers.launchpad.net/swift/+question/196920
>
> just removing it this and let hope that users uses bleeding edge python
> (which they don't) is not going to work for us. and the pyOpenSSL way is
> very unfriendly to the end-user as well.
>
> Chmouel
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
I'm very sympathetic with Chmouel's assessment, but it seems like adding
pyasn1 and ndg-httpsclient dependencies is relatively straightforward and
does not incur a substantial additional overhead on the install process. We
already depend on pyOpenSSL, which seems to be the main contributor to
glanceclient's list of unsavory dependencies. We would need to add
ndg-httpsclient to openstack/requirements, as well, but I assume that is
doable.

I'm a bit disappointed that even with the "fix", the requests/urllib3 stack
is still trying to completely make this transport level decision for me.
Its fine to have defaults, but they should be able to be overridden.

For this release cycle, the best answer IMO is still just to switch to a
conditional import of requests.packages.urllib3 in our test module, which
was the original complaint.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140919/e22ea4d8/attachment.html>

Previous message: [openstack-dev] Please do *NOT* use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)
Next message: [openstack-dev] Please do *NOT* use "vendorized" versions of anything (here: glanceclient using requests.packages.urllib3)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the OpenStack-dev mailing list