[openstack-dev] [barbican] Project Navigator Out of Date?

Ian Cordasco sigmavirus24 at gmail.com
Mon Jan 16 13:55:12 UTC 2017


Hi barbicaneers (I don't actually know what y'all call yourselves :)),

Related to the other thread I just started, I was looking at the
project navigator [1] for Barbican and found some things that look
wrong (to an outsider) and was hoping they could be cleared up.

First, "Is this project maintained following the common Stable branch
policy?" appears to be "Yes" now. I notice you have stable branches
that actually look stable. Are y'all working with the stable
maintenance team on them?

Second, "Does this project follows standard deprecation?" I'm not
(yet) a user of Barbican, but are you still not following the standard
deprecation policy?

Third, "Existence and quality of packages for this project in popular
distributions." it seems Fedora [2], Debian [3], Ubuntu [4], and
OpenSUSE [5] all have packages (including in stable versions). I can't
speak to the quality of the packages, but knowing the hard work most
of our downstream redistributors put into those packages, I'm certain
they're good quality. This should *definitely* be updated, in my
opinion.

Finally, "Are vulnerability issues managed by the OpenStack security
team?". I know that the OpenStack Security Project worked with the
Barbican team to come up with a vulnerability analysis a few midcycles
ago. Is that roughly where you all stopped? Is there a reason you
haven't attempted to work with the VMT on security issues?

Hopefully my agenda is obvious - I'd like to see fewer projects
attempting to implement their own secret storage and instead use
Barbican. Keeping the navigator up-to-date seems (to me) to be a good
way to improve Barbican's image. I would be happy to work with you all
(with what little time I have) to update the navigator to better
reflect Barbican's reality.

[1]: https://www.openstack.org/software/releases/newton/components/barbican
[2]: https://apps.fedoraproject.org/packages/s/barbican
[3]: https://packages.debian.org/search?keywords=barbican&searchon=all&suite=all&section=all
[4]: http://packages.ubuntu.com/search?keywords=barbican&searchon=names&suite=all&section=all
[5]: https://software.opensuse.org/search?utf8=✓&q=barbican&search_devel=false&search_unsupported=false&baseproject=openSUSE:Leap:42.2

Cheers,
--
Ian Cordasco
