Dmitry, that is an excellent callout. We ideally need to limit single points of failure in our codebase and dependencies where reasonably possible. We need to be mindful of the ability to remedy security issues should they be discovered.

-Julia

On Mon, Jun 10, 2024 at 7:33 AM Dmitry Tantsur <dtantsur@protonmail.com> wrote:
Hi,

If we go with this proposal (which sounds reasonable), we need to
carefully look at cotyledon's maintenance. It seems to be on life
support by only one volunteer:
https://github.com/sileht/cotyledon/commits/main/

Dmitry

On 6/10/24 11:09 AM, Daniel Bengtsson wrote:
> Hi there,
>
> In the project to remove eventlet from openstack[1], we need to adapt
> oslo.service. The oslo.service project is strongly linked to eventlet,
> so rather than adapting the project, it would be wiser to deprecate it
> and replace it with cotyledon and futurist. The cotyledon project was
> created by openstack maintainers to replace oslo.service. It is already
> used in openstack by the telemetry project, for example. The
> oslo.service project has been created on top of eventlet to offer two
> main functionalities, periodic tasks and workers process management. The
> first feature has been replaced by another library called futurist[2]
> and the second is surpassed by cotyledon. More details in the project
> readme[3] about the difference with oslo.service. I would like to have
> your feedback and opinion on the deprecation of olso.service and it's
> replacement by cotyledon and futurist. In any case, we'll have to adapt
> the project, which is why replacing oslo.service with cotyledon seems to
> me the best solution, rather than having two similar projects doing the
> same thing.
>
> [1] https://review.opendev.org/c/openstack/governance/+/902585
> [2] http://docs.openstack.org/developer/futurist/
> [3] https://github.com/sileht/cotyledon/blob/main/README.rst
>
> --
> Daniel Bengtsson
> Software Engineer
>