[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?
Fei Long Wang
feilong at catalyst.net.nz
Mon Jan 16 21:12:08 UTC 2017
On 17/01/17 09:21, Fox, Kevin M wrote:
> IMO, This is why the big tent has been so damaging to OpenStack's progress. Instead of lifting the commons up, by requiring dependencies on other projects, there by making them commonly deployed and high quality, post big tent, each project reimplements just enough to get away with making something optional, and then the commons, and OpenStack as a whole suffers. This behavior MUST STOP if OpenStack is to make progress again. Other projects, such as Kubernetes are making tremendous progress because they are not hamstrung by one component trying desperately not to depend on another when the dependency is appropriate. They enhance the existing component until its suitable and the whole project benefits. Yes, as an isolated dev, the behavior to make deps optional seems to make sense. But as a whole, OpenStack is suffering and will become increasingly irrelevant moving forward if the current path is continued. Please, please reconsider what the current stance on dependencies is doing to
> the community. This problem is not just isolated to barbican, but lots of other projects as well. We can either help pull each other up, or we can step on each other to try and get "on top". I'd rather we help each other rather then the destructive path we seem to be on.
+ 100
As the PTL of Zaqar, I know some projects using agent are reluctant to
leverage Zaqar to resolve potential security/communication issues. As a
result, customer/deployer don't want to deploy the project. So that
said, a new dependency may make the deployment harder, but sometimes
without the support/benefit from the other services, that project may
won't be on the list unless you reimplement the wheel.
> My 2 cents.
> Kevin
>
> ________________________________________
> From: Chris Friesen [chris.friesen at windriver.com]
> Sent: Monday, January 16, 2017 9:25 AM
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?
>
> On 01/16/2017 10:31 AM, Rob C wrote:
>
>> I think the main point has already been hit on, developers don't want to
>> require that Barbican be deployed in order for their service to be
>> used.
> I think that this is a perfectly reasonable stance for developers to take. As
> long as Barbican is an optional component, then making your service depend on it
> has a good chance of limiting your potential install base.
>
> Given that, it seems like the ideal model from a security perspective would be
> to use Barbican if it's available at runtime, otherwise use something else...but
> that has development and maintenance costs.
>
> Chris
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Cheers & Best regards,
FeiLong Wang (王飞龙)
--------------------------------------------------------------------------
Senior Cloud Software Engineer
Tel: +64-48032246
Email: flwang at catalyst.net.nz
Catalyst IT Limited
Level 6, Catalyst House, 150 Willis Street, Wellington
--------------------------------------------------------------------------
More information about the OpenStack-dev
mailing list