[all][requirements][stable] requests version bump on stable brances {pike|queens} for CVE-2018-18074

Dirk Müller dirk at dmllr.de
Wed May 22 21:52:47 UTC 2019

Hi Matthew,

> 2. add a new file, let's call it 'security-updates.txt'

maybe better call it updates-for-known-insecure-versions.txt ;-)

>   b. the file needs to maintain co-installability of openstack.  It is
>      laid over the upper-constraints file and tested the same way
>      upper-constraints is.  This testing is NOT perfect.  The generated
>      file could be called something like
>      'somewhat-tested-secureconstraints.txt'

coinstallability is a problem, but I think its not the main one. But I
agree we can try that.

> This also sets up incrased work and scope for the requirements team.
> Perhaps this could be a sub team type of item or something?

Allowing for additions there doesn't immediately increase work. unless
there is somebody actually proposing a change to review, that is. It
doesn"t make the team magically fulfill the promise - the policy change
would allow the review team to accept such a review as it is within

More information about the openstack-discuss mailing list