[dev][requirements][security-sig][tc]cryptography min version (non-rust) through 2024.1
Jeremy Stanley
fungi at yuggoth.org
Tue Mar 7 17:23:18 UTC 2023
On 2023-03-07 11:19:26 -0500 (-0500), Corey Bryant wrote:
[...]
> The current upper-constraint for cryptography is 38.0.2, but the
> various requirements.txt min versions are much lower (e.g.
> keystone has cryptography>=2.7). This is likely to lead to patches
> landing with features that are only in 38.0.2, so it will likely
> be difficult to enforce min version support. But perhaps a stance
> toward maintaining compatibility could be established.
[...]
While introducing specific tests for this would not be trivial,
maybe it's one of those situations where we try to avoid breaking
compatibility with older versions and don't reject patches when
people find that something has inadvertently started depending on a
feature only available in the Rust-based builds?
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230307/58b239cf/attachment-0001.sig>
More information about the openstack-discuss
mailing list