[openstack-dev] [devstack] Possible issues cryptography 1.0 and os-client-config 1.6.2

Chris Dent chdent at redhat.com
Fri Aug 14 08:31:35 UTC 2015


On Thu, 13 Aug 2015, Sean M. Collins wrote:

> Do we want to make it a default to True for users of DevStack? I think
> it may be worth considering since I'm not familiar with this issue
> with crypto and having something that protects devs who are trying to
> work on stuff and using DevStack , sounds good. Less cryptic day to
> day breakage for new developers just getting started and using
> DevStack is a goal I have, long term (where possible).

While I understand the practical considerations of using upper
constraints in the gate I think using them locally when doing the
"dev" part of using devstack has some unintended consequences that
we need to think about (assuming my implicit conclusion below is
correct).

The main issue is that it moves our use of all these libraries from
a position of participation to consumption. If we are only using
known-good constrained libs then we are not being a part of the
broader ecosystem that finds and fixes bugs in Python libraries.

That may seem a bit esoteric or idealistic but it is one of the
aspects of open source collaboration that I think is truly great:
project evolution as a result of cross-pollination.

This is not to say that I'm not sympathetic to the problem of
cryptic day to day breakage. It's a significant issue but I'm not
sure the way to fix that problem is by becoming more static.
Breakage is a bug, it needs to be visible so it can be fixed, not
masked.

All that idealism of course has to be modulated by pragmatism, but
not forgotten.

-- 
Chris Dent tw:@anticdent freenode:cdent
https://tank.peermore.com/tanks/cdent



More information about the OpenStack-dev mailing list