On Tue, Jun 4, 2019, at 1:01 AM, Sorin Sbarnea wrote:
I am in favour of ditching or at least refactoring devstack because during the last year I often found myself blocked from fixing some zuul/jobs issues because the buggy code was still required by legacy devstack jobs that nobody had time maintain or fix, so they were isolated and the default job configurations were forced to use dirty hack needed for keeping these working.
One such example is that there is a task that does a "chmod -R 0777 -R" on the entire source tree, a total security threat.
This is needed by devstack-gate and *not* devstack. We have been trying now for almost two years to get people to stop using devstack-gate in favor of the zuul v3 jobs. Please don't conflate this with devstack itself, it is not related and not relevant to this discussion.
In order to make other jobs running correctly* I had to rely undoing the damage done by such chmod because I was not able to disable the historical hack.
In order to make other jobs run correctly we are asking you to stop using devstack-gate and use zuulv3 native jobs instead.
* ansible throws warning with unsafe file permissions * ssh refuses to load unsafe keys
That is why I am in favor of dropping features that are slowing down the progress of others.
Again this has nothing to do with devstack.
I know that the reality is more complicated but I also think that sometimes less* is more.
* deployment projects ;)