[oslo][requirements] Bandit Strategy
openstack at nemebean.com
Wed May 15 19:07:41 UTC 2019
On 5/15/19 1:40 PM, Jeremy Stanley wrote:
> On 2019-05-15 13:08:32 -0500 (-0500), Ben Nemec wrote:
>> The reason we did it this way is to prevent 1.6.1 from blocking
>> all of the repos again if it doesn't fix the problem or introduces
>> a new one. If so, it blocks the uncapping patches only and we can
>> deal with it on our own schedule.
> Normally, if it had been treated like other linters, projects should
> have been guarding against unanticipated upgrades by specifying
> something like a <1.6.0 version and then expressly advancing that
> cap at the start of a new cycle when they're prepared to deal with
> fixing whatever problems are identified.
Yeah, I guess I don't know why we weren't doing that with bandit. Maybe
just that it hadn't broken us previously, in which case we might want to
drop the uncap patches entirely.