Thanks for your opinion Jay, For me it translates to: I should continue chasing dependencies instead of implementing features or addressing vulnerabilities, and, as you rightly pointed out, I should continue doing this alone. Or am I overseeing anything (no offense)? Actually I would like to disagree with your conclusions: everybody should deal with "own" responsibilities and during my Keystone work I should not take care of oslo.xxx, branching, requirements, zuul, ... - there should be people dealing with those. Right now I do not have time to work on Keystone exactly because I need to take care about everything else, keeping it just "running". The situation in the world in the last few years showed me that while globalization allows you to be more efficient it makes your system very vulnerable - a single point of failure. A balance of centralization and decentralization must be found to keep you having electricity and heating when a single rocket launched by a bad actor is enough to bring your whole electricity network down. I tried to make a point that disappearing contributors are perhaps caused by the complexity that we have and not just because nobody thinks OpenStack is relevant. And instead of accepting the state as it is, we may consider a change and try to find another way of solving the problem while helping people to actually enjoy the work. On Mon, 10 Nov 2025 at 17:43, Jay Faulkner <jay@gr-oss.io> wrote:
Hey Artem, just a note on this:
On 11/9/25 12:36 AM, Artem Goncharov wrote:
Another aspect is the spaghetti ecosystem that we have built. I can now say I spend more time fighting the dependencies and jobs that get broken without me doing anything before they broke than working on the features. Just for the sake of example, I got report of a mistake in Keystone Open API schema. The fix was fast: 2 minutes of work. But I have figured out that API-ref build job got broken. Investigation led to to the sphinx openapi extension. A direct dependency of it have a transitive dependency controlled by our constraints and was upgraded a week ago. Since my direct dependency does not have a vibrant community and it takes time to get update I am completely blocked with releasing the fix. I gave up and started simply getting rid (hoping for it to be a temporary issue) of building openapi to html as such just to be able to unblock fixes. Another example: I missed to control the commit sha of the releases change when making 2024.1 unmaintained while one change to (yet again) fix jobs in the branch was in the gate (I missed that because of amount of broken things distracting me). So the branch went unmaintained without the fix. Ok. I just cherry-pick it to the unmaintained. Good luck - the fix does not work there, come on, it is just a branch rename. I spent 2 days with different attempts and gave up, this is just unmaintained branch after all. But now I see Brian is messing with it and also "wastes" his time multiple days in a row. And the more you try to fix the more broken it becomes (even more jobs get broken on a daily basis). I think he will also give up.
I feel these frustrations greatly. I've spent a lot of my career in OpenStack chasing down CI and transitive dependencies and the like -- but this is, to me, MORE of a reason to keep our technologies unified, instead of separate. The integration issues you indicate aren't invented by us, they are *experienced* by us due to the size of the ecosystem. Separating from the ecosystem does have an immediate, positive effect on that: you've reduced the size of YOUR ecosystem and concerns accordingly.
The problem is... the issues will still exist. Just now instead of taking them on as an OpenStack group, they are pushed down to a small collection of folks doing last-minute integration. These are lessons are already learned as an ecosystem which is why, IMO, it's feature -- not a bug -- that rot in the overall ecosystem slows down individual projects. This seems to be the only way to ensure folks prioritize removing rot from the ecosystem.
To be clear: I'm not pro or anti-rust in any way, in OpenStack or otherwise, I just think this impression of speed being given by moving out of the ecosystem or changing languages is merely work that's been offloaded to others implicitly. To some extent, it's seems this may already be happening regarding keystone-ng, based on the Keystone team barely meeting deadlines to patch OSSA-2025-002 before it being disclosed before-fix due to embargo timeout.
Thanks, Jay Faulkner G-Research OSS
P.S. I do not love that this is the reality. I've mentioned multiple times that I wish you didn't need a PhD in devops to contribute to OpenStack, but the only way to work out those complexities is by working together, not by concentrating that knowledge further by passing the buck on ecosystem improvements.