[openstack-dev] [all] Kilo stable branches for "other" libraries

Thierry Carrez thierry at openstack.org
Wed Apr 8 13:55:04 UTC 2015

Hi everyone,

As you may know, in an effort to simplify stable branch maintenance and
increase their resilience to random changes, the following policy was


TL;DR is that in the future, stable branches will be cut from libraries
current versions and then expressed in global-requirements using a >= <
operator combination, to allow for non-breaking security/critical fixes
updates but not backward-incompatible changes.

While Oslo libs (under the leadership of Doug) have all adopted that
procedure early, for kilo we are left with all the other OpenStack
libraries that (1) haven't cut such stable branches yet and (2) may not
have done what they consider their final kilo release yet. At this point
in the cycle any change to requirements is highly disrupting (as it
needs to be synced to consuming projects and potentially force a release
candidate respin).

The question is, how should we proceed there ? This is new procedure, so
I'm a bit unclear on the best way forward and would like to pick our
collective brain. Should we just push requirements cap for all OpenStack
libs and create stable branches from the last tagged release everywhere
? What about other libraries ? Should we push a cap there too ? Should
we just ignore the whole thing for the Kilo release for all non-Oslo stuff ?

For the record, here is a (hopefully correct) list of the OpenStack libs
directly consumed by integrated projects:

(NB: I skipped all Oslo libs since they have been taken care of already)

python-barbicanclient>=3.0.1 (now at 3.0.3, release 9 days ago)
python-ceilometerclient>=1.0.13 (released 6 weeks ago)
python-cinderclient>=1.1.0  (now at 1.1.1, released 6 months ago)
python-designateclient>=1.0.0 (now at 1.1.1, released 4 months ago)
python-heatclient>=0.3.0 (now at 0.4.0, released 7 days ago)
python-glanceclient>=0.15.0 (now at 0.17.0, released 3 weeks ago)
python-keystoneclient>=1.1.0 (now at 1.3.0, released 14 days ago)
python-neutronclient>=2.3.11,<3 (released 8 weeks ago)
python-novaclient>=2.22.0 (now at 2.23.0, released 3 weeks ago)
python-saharaclient>=0.8.0 (released 4 weeks ago)
python-swiftclient>=2.2.0 (now at 2.4.0, released 2 weeks ago)
python-troveclient>=1.0.7 (now at 1.0.9, released 3 weeks ago)
glance_store>=0.3.0 (now at 0.4.0, released 3 weeks ago)
keystonemiddleware>=1.5.0 (released 4 weeks ago)
pycadf>=0.8.0 (released 7 weeks ago)
django_openstack_auth>=1.1.7,!=1.1.8 (now at 1.1.9, released 2 months ago)

All other non-Oslo libs in the OpenStack world do not seem to be
directly consumed by projects that have stable branches, and are
therefore likely to not maintain stable branches. Please report any
glaring omission there.

I'm especially worried with python-cinderclient, python-designateclient
and django_openstack_auth which are more than 2 months old and may well
contemplate another kilo release that could be disrupting at this point.

Thierry Carrez (ttx)

More information about the OpenStack-dev mailing list