[openstack-dev] [nova] To rootwrap or piggyback privsep helpers?
Clint Byrum
clint at fewbar.com
Thu Jan 26 14:55:35 UTC 2017
Excerpts from Thierry Carrez's message of 2017-01-26 10:08:52 +0100:
> Michael Still wrote:
> > I think #3 is the right call for now. The person we had working on
> > privsep has left the company, and I don't have anyone I could get to
> > work on this right now. Oh, and we're out of time.
>
> Yes, as much as I'm an advocate of privsep adoption, I don't think the
> last minutes before feature freeze are the best moment to introduce a
> single isolated privsep-backed command in Nova. So I'd recommend #3.
>
> In an ideal world, Nova would start migrating existing commands early in
> Pike so that in the near future, adding new privsep-backed commands
> doesn't feel so alien.
>
Would it be too radical to propose the full migration of everything to
privsep as a Pike community goal?
More information about the OpenStack-dev
mailing list