[openstack-dev] [requirements] History lesson please

Matthew Thode prometheanfire at gentoo.org
Tue Aug 9 14:51:30 UTC 2016

On 08/09/2016 09:25 AM, Ian Cordasco wrote:
> -----Original Message-----
> From: Sean Dague <sean at dague.net>
> Reply: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
> Date: August 9, 2016 at 05:44:55
> To: openstack-dev at lists.openstack.org <openstack-dev at lists.openstack.org>
> Subject:  Re: [openstack-dev] [requirements] History lesson please
>> On 08/09/2016 02:38 AM, Tony Breeds wrote:
>>> Hi all,
>>> I guess this is aimed at the long term requirements team members.
>>> The current policy for approving requirements[1] bumps contains the following text:  
>>> Changes to update the minimum version of a library developed by the
>>> OpenStack community can be approved by one reviewer, as long as the
>>> constraints are correct and the tests pass.
>>> Perhaps I'm a little risk adverse but this seems a little strange to me. Can
>>> folks that know more about how this came about help me understand why that is?
>>> Yours Tony.
>>> [1] https://github.com/openstack/requirements/blob/master/README.rst#for-upgrading-requirements-versions  
>> With constraints, the requirements minimum bump is pretty low risk. Very
>> little of our jobs are impacted by it.
>> It's in many ways more risking to leave minimums where they are and bump
>> constraints, because the minimums could be lying that they still work at
>> the lower level.
>> -Sean
> I maintain a few libraries outside of OpenStack that have generous lower limits and testing them is resource intensive both as a developer and in continuous integration. I'd love to see OpenStack be *more* aggressive about the oldest version it supports because in most cases I severely distrust the version ranges we use. I do recognize, however, that we have to coordinate with some distributions that will not update their packaged versions (which are often an old version number with security patches poorly cherry-picked). So you may need to coordinate with them before bumping version minimums as well.
> --  
> Ian Cordasco
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

One of the things on our todo list is to test the 'lower-constraints' to
make sure they still work with the head of branch.

-- Matthew Thode (prometheanfire)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160809/1b07dc72/attachment.pgp>

More information about the OpenStack-dev mailing list