[openstack-dev] We should move strutils.mask_password back into oslo-incubator

Robert Collins robertc at robertcollins.net
Wed Oct 7 23:00:34 UTC 2015

On 8 October 2015 at 08:38, Matt Riedemann <mriedem at linux.vnet.ibm.com> wrote:
> Here's why:
> https://review.openstack.org/#/c/220622/
> That's marked as fixing an OSSA which means we'll have to backport the fix
> in nova but it depends on a change to strutils.mask_password in oslo.utils,
> which required a release and a minimum version bump in global-requirements.
> To backport the change in nova, we either have to:
> 1. Copy mask_password out of oslo.utils and add it to nova in the backport
> or,
> 2. Backport the oslo.utils change to a stable branch, release it as a patch
> release, bump minimum required version in stable g-r and then backport the
> nova change and depend on the backported oslo.utils stable release - which
> also makes it a dependent library version bump for any packagers/distros
> that have already frozen libraries for their stable releases, which is kind
> of not fun.
> So I'm thinking this is one of those things that should ultimately live in
> oslo-incubator so it can live in the respective projects. If mask_password
> were in oslo-incubator, we'd have just fixed and backported it there and
> then synced to nova on master and stable branches, no dependent library
> version bumps required.
> Plus I miss the good old days of reviewing oslo-incubator syncs...(joking of
> course).

What's wrong with 2? I mean, other than the work needed *because* we
made branches of oslo.utils: something I hope we can stop doing in M
(I have a draft spec up about this...)

Libraries have security bugs too, and packagers/distros need to update
them as well as the API servers: this is one of the reasons we have
backpressure on libraries being admitted into our dependency chain.


Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud

