[oslo][requirements] Bandit Strategy

Jeremy Stanley fungi at yuggoth.org
Wed May 15 18:40:34 UTC 2019

On 2019-05-15 13:08:32 -0500 (-0500), Ben Nemec wrote:
> The reason we did it this way is to prevent 1.6.1 from blocking
> all of the repos again if it doesn't fix the problem or introduces
> a new one. If so, it blocks the uncapping patches only and we can
> deal with it on our own schedule.

Normally, if it had been treated like other linters, projects should
have been guarding against unanticipated upgrades by specifying
something like a <1.6.0 version and then expressly advancing that
cap at the start of a new cycle when they're prepared to deal with
fixing whatever problems are identified.

Jeremy Stanley