[Openstack-stable-maint] Replacing oauth2 by oauthlib

Doug Hellmann doug.hellmann at dreamhost.com
Mon Mar 24 22:44:40 UTC 2014


On Mon, Mar 24, 2014 at 5:55 PM, Alan Pevec <apevec at gmail.com> wrote:

> 2014-03-24 19:14 GMT+01:00 Doug Hellmann <doug.hellmann at dreamhost.com>:
> > I tend to agree that a dependency change like this is "too big." OTOH,
> do we
> > have any security ramifications for leaving the code as-is? Would it make
> > sense to try to figure out which library is available and use it, rather
> > than requiring one or the other?
>
> That would be stable-only patch so it would be even more risky IMHO.
> I guess the solution here is to document security issues clearly in
> 2013.2.3 release notes as Adam suggested.


> Cheers,
> Alan
>

OK, I can go along with that.

Doug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-stable-maint/attachments/20140324/c028ef81/attachment-0001.html>


More information about the Openstack-stable-maint mailing list