[all][requirements][stable] requests version bump on stable brances {pike|queens} for CVE-2018-18074

Matthew Thode mthode at mthode.org
Wed May 22 22:12:16 UTC 2019

On 19-05-22 23:52:47, Dirk Müller wrote:
> Hi Matthew,
> > 2. add a new file, let's call it 'security-updates.txt'
> maybe better call it updates-for-known-insecure-versions.txt ;-)
> >   b. the file needs to maintain co-installability of openstack.  It is
> >      laid over the upper-constraints file and tested the same way
> >      upper-constraints is.  This testing is NOT perfect.  The generated
> >      file could be called something like
> >      'somewhat-tested-secureconstraints.txt'
> coinstallability is a problem, but I think its not the main one. But I
> agree we can try that.
> > This also sets up incrased work and scope for the requirements team.
> > Perhaps this could be a sub team type of item or something?
> Allowing for additions there doesn't immediately increase work. unless
> there is somebody actually proposing a change to review, that is. It
> doesn"t make the team magically fulfill the promise - the policy change
> would allow the review team to accept such a review as it is within
> policy.

These are all true, but even before changing anything we'd still have to
document the policy.  Perhaps that's the next step.  Do you mind
generating a policy change and proposing it (to this thread) for review?

Matthew Thode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190522/2cb8671a/attachment.sig>

More information about the openstack-discuss mailing list