On 19-05-22 23:52:47, Dirk Müller wrote:
Hi Matthew,
2. add a new file, let's call it 'security-updates.txt'
maybe better call it updates-for-known-insecure-versions.txt ;-)
b. the file needs to maintain co-installability of openstack. It is laid over the upper-constraints file and tested the same way upper-constraints is. This testing is NOT perfect. The generated file could be called something like 'somewhat-tested-secureconstraints.txt'
coinstallability is a problem, but I think its not the main one. But I agree we can try that.
This also sets up incrased work and scope for the requirements team. Perhaps this could be a sub team type of item or something?
Allowing for additions there doesn't immediately increase work. unless there is somebody actually proposing a change to review, that is. It doesn"t make the team magically fulfill the promise - the policy change would allow the review team to accept such a review as it is within policy.
These are all true, but even before changing anything we'd still have to document the policy. Perhaps that's the next step. Do you mind generating a policy change and proposing it (to this thread) for review? -- Matthew Thode