[openstack-dev] OpenStack Developer Mailing List Digest September 17-23
mike at openstack.org
Mon Sep 26 19:45:27 UTC 2016
HTML version: http://www.openstack.org/blog/2016/09/openstack-developer-mailing-list-digest-20160923/
* A MQTT based unified message bus for infra services.
* This allows a single place to go for consuming messages of events from infra
* Two interfaces for subscribing to topics:
- MQTT protocol on the default port
- Websockets over port 80
* Launchpad and gerrit events are the only things currently sending message to
firehose, but the plan is to expand this.
* An example  of gerritbot on the consuming side, which has support for
subscribing to gerrit event stream over MQTT.
* A spec giving details on firehose .
* Docs on firehose .
* Full thread: http://lists.openstack.org/pipermail/openstack-dev/2016-September/103985.html
Release countdown for week R-1, 26-30
* Focus: All teams should be working on release-critical bugs before the final
- 29th September is the deadline for the new release candidates or release
from intermediary projects.
- Quiet period to follow before the last release candidates on 6th October.
* Release actions:
- Projects not following the milestone-based release model who want
a stable/newton branch created should talk to the release team.
- Watch for translation patches and merge them quickly to ensure we have as
many user-facing strings translated as possible in the release candidates.
-- If your project has already been branched, make sure those patches are
applied to the stable branch.
- Liaisons for projects with independent deliverables should import the
release history by preparing patches to openstack/release.
* Important Dates:
- Newton last RC, 29 September
- Newton final release, 6 October
- Newton release schedule 
* Full thread: http://lists.openstack.org/pipermail/openstack-dev/2016-September/103252.html
Removal of Security and OpenStackSalt Project Teams From the Big Tent
* The Security and OpenStackSalt projects are without PTLs. Projects leaderless
default to the Technical Committee for decision of what to do with the
project . Majority of the Technical Committee has agreed to have these
* OpenStackSalt is a relatively new addition to the Big Tent, so if they got
their act together, they could be reproposed.
* We still need to care about security., and we still need a home for the
vulnerability management team (VMT). The suggested way forward is to have the
VMT apply to be its own official project team, and have security be a working
* The Mitaka PTL for the Security mentions missing the election date, but
provides some things the team has been working on:
- Issuing Security Notes for Glance, Nova, Horizon, Bandit, Neutron and
- Updating the security guide (the book we wrote on securing OpenStack)
- Hosting a midcycle and inducting new members
- Supporting the VMT with several embargoed and complex vulnerabilities
- Building up a security blog
- Making OpenStack the biggest open source project to ever receive the Core
- Infrastructure Initiative Best Practices Badge
- Working on the OpenStack Security Whitepaper
- Developing CI security tooling such as Bandit
* One of the Technical Committee members privately received information that
explains why the security PTL was not on top of things. With ~60 teams around
there will always be one of two that miss, but here we're not sure it passes
the bar of “non-alignment with the community” that would make the security
team unfit to be an official OpenStack Team.
* Full thread: http://lists.openstack.org/pipermail/openstack-dev/2016-September/thread.html#104170
 - http://git.openstack.org/cgit/openstack-infra/gerritbot/commit/?id=7c6e57983d499b16b3fabb864cf3b
 - http://specs.openstack.org/openstack-infra/infra-specs/specs/firehose.html
 - http://docs.openstack.org/infra/system-config/firehose.html
 - http://releases.openstack.org/newton/schedule.html
 - http://docs.openstack.org/project-team-guide/open-community.html#technical-committee-and-ptl-elections
More information about the OpenStack-dev