Open Stack

> I expect the TC is going to choose Ubuntu 22.04 LTS as a target
> platform for at least the OpenStack 2023.2 and 2024.1 coordinated
> releases, but almost certainly the 2024.2 coordinated release as
> well since Ubuntu 24.04 LTS won't be officially available before we
> start that development cycle. That means the first coordinated
> OpenStack release which would be able to effectively depend on
> features from a newer python3-cryptography package on Ubuntu is
> going to be 2025.1. Food for thought.
>

To be explicit, that testing platform means we require that OpenStack and
its dependencies are installable *in a virtualenv*, not using distro
python. So while this is a small imitation for this case (we cannot use
cryptography that might require newer tooling to build than that ubuntu LTS
would), the real motivation behind holding onto a lower-constraint for a
longer time is in partnership with stable distros that ship OpenStack, who
we don't want to alienate by giving them extra work of using newer releases
than they are ready to.

I am OK with this approach; but there is a trade-off: we may be leading
OpenStack consumers who don't use distro packaging that it's OK to use an
older cryptography which may not have security support. It'd be interesting
if we could ensure backwards compatibility through testing while also
ensuring that anything installed with pip gets a new enough version... but
frankly, I don't know offhand what approach would be best to do that, and I
don't have the time to pursue it myself so the status quo wins :D.

Thanks for talking this through, I like when we're explicit about the
motivations for what we do!


--
Jay Faulkner
Ironic PTL
TC Member
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230310/012742dd/attachment-0001.htm>