[oslo][requirements] Bandit Strategy

Ben Nemec openstack at nemebean.com
Wed May 15 18:08:32 UTC 2019

On 5/15/19 11:52 AM, Doug Hellmann wrote:
> Moises Guimaraes de Medeiros <moguimar at redhat.com> writes:
>> Doug, they pass now, and might fail once 1.6.1 is out and the behavior is
>> not fixed, but that will probably need a recheck on a passed job. The -W
>> would be just a reminder not to merge them by mistake.
> Oh, I guess I assumed we would only be going through this process for
> repos that are broken. It makes sense to be consistent across all of
> them, though, if that was the goal.

The reason they pass right now is that there is no newer release than 
1.6.0, so the != exclusion is effectively the same as the < cap. Once 
1.6.1 releases that won't be the case, but in the meantime it means that 
both forms behave the same.

The reason we did it this way is to prevent 1.6.1 from blocking all of 
the repos again if it doesn't fix the problem or introduces a new one. 
If so, it blocks the uncapping patches only and we can deal with it on 
our own schedule.
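
Added example, not part of the original message or of any OpenStack code: a small model of how the two constraint forms discussed above select a bandit version before and after a 1.6.1 release. The specifier strings `!=1.6.0` and `<1.6.0` and the release lists are assumptions constructed for illustration, and version handling is simplified to three-part dotted integers rather than full PEP 440.

```python
# Simplified model of requirement resolution: pick the highest release
# that satisfies every clause of a specifier such as "!=1.6.0" or "<1.6.0".
OPERATORS = ("!=", ">=", "<=", "==", "<", ">")  # two-char operators first


def parse(version):
    """Turn '1.6.0' into (1, 6, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def allowed(version, spec):
    """Return True if `version` satisfies all comma-separated clauses."""
    v = parse(version)
    for clause in spec.split(","):
        clause = clause.strip()
        for op in OPERATORS:
            if clause.startswith(op):
                target = parse(clause[len(op):])
                break
        else:
            raise ValueError("unsupported clause: %r" % clause)
        ok = {"!=": v != target, "==": v == target,
              "<": v < target, "<=": v <= target,
              ">": v > target, ">=": v >= target}[op]
        if not ok:
            return False
    return True


def resolve(releases, spec):
    """Highest release allowed by `spec`, or None if nothing matches."""
    candidates = [r for r in releases if allowed(r, spec)]
    return max(candidates, key=parse) if candidates else None


# Constructed release lists: the index today, and after a 1.6.1 upload.
TODAY = ["1.4.0", "1.5.1", "1.6.0"]
AFTER_161 = TODAY + ["1.6.1"]

if __name__ == "__main__":
    for label, releases in (("today", TODAY), ("after 1.6.1", AFTER_161)):
        for spec in ("!=1.6.0", "<1.6.0"):
            print(label, spec, "->", resolve(releases, spec))
```

With 1.6.0 as the newest release both forms select the same version; once 1.6.1 exists only the `!=` form picks it up, so only jobs using that form are exposed to it.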
