[openstack-dev] We should move strutils.mask_password back into oslo-incubator
mriedem at linux.vnet.ibm.com
Thu Oct 8 13:58:06 UTC 2015
On 10/8/2015 4:21 AM, Julien Danjou wrote:
> On Wed, Oct 07 2015, Matt Riedemann wrote:
>> 2. Backport the oslo.utils change to a stable branch, release it as a patch
>> release, bump minimum required version in stable g-r and then backport the nova
>> change and depend on the backported oslo.utils stable release - which also
>> makes it a dependent library version bump for any packagers/distros that have
>> already frozen libraries for their stable releases, which is kind of not fun.
> You should not need to bump the minimum version in g-r. The minimum
> version there should be the minimal version to have working code.
> If you start bumping dependencies or dependencies of dependencies each
> time they release because a bug or a security issue is fixed, it's going
> to a never ending useless job.
> When you're an operator, you know you need to always run the latest
> stable version of the things you have in prod' to have all the fixes.
> That's common good sense.
I don't know how many operators are tracking patch releases of
dependencies on stable branches unless there is a new minimum
requirement on those, especially if they aren't getting their updates
from a distro provider. So while nova wouldn't be broken w/o the patched
oslo.utils on stable, the OSSA wouldn't be fixed in that case.
More information about the OpenStack-dev