[oslo][requirements] Bandit Strategy

Ben Nemec openstack at nemebean.com
Wed May 15 19:07:41 UTC 2019

On 5/15/19 1:40 PM, Jeremy Stanley wrote:
> On 2019-05-15 13:08:32 -0500 (-0500), Ben Nemec wrote:
> [...]
>> The reason we did it this way is to prevent 1.6.1 from blocking
>> all of the repos again if it doesn't fix the problem or introduces
>> a new one. If so, it blocks the uncapping patches only and we can
>> deal with it on our own schedule.
> Normally, if it had been treated like other linters, projects should
> have been guarding against unanticipated upgrades by specifying
> something like a <1.6.0 version and then expressly advancing that
> cap at the start of a new cycle when they're prepared to deal with
> fixing whatever problems are identified.
Yeah, I guess I don't know why we weren't doing that with bandit. Maybe just that it hadn't broken us previously, in which case we might want to drop the uncap patches entirely.
