[oslo][nova][glance][cinder] move cursive library to oslo?
Hello Oslo Team, Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0]. This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes. I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't think this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure that should any bugfixes be required, there will be oslo team members who can approve the patches. Thanks for thinking this over, brian [0] http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html
+1 from my side. As discussed yesterday with Luigi (tosky) it makes sense to me to host that under the Oslo scope, however I would appreciate to get feedback from other Oslo team members before doing anything. Even if this project seems stable we still need to continue to maintain the current code base to keep the code up-to-date and compatible with the next Python versions. Concerning the "release" point of view of this topic, if this project is stable enough I think we can adopt directly the release independent model [1]. It would help us to reduce the maintenance related to stable branches (backport fixes etc...). Do you have any opinion on this? Hervé [1] https://releases.openstack.org/reference/release_models.html#independent Le mar. 15 déc. 2020 à 06:01, Brian Rosmaita <rosmaita.fossdev@gmail.com> a écrit :
Hello Oslo Team,
Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0].
This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes.
I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't think this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure that should any bugfixes be required, there will be oslo team members who can approve the patches.
Thanks for thinking this over, brian
[0] http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html
-- Hervé Beraud Senior Software Engineer at Red Hat irc: hberaud https://github.com/4383/ https://twitter.com/4383hberaud -----BEGIN PGP SIGNATURE----- wsFcBAABCAAQBQJb4AwCCRAHwXRBNkGNegAALSkQAHrotwCiL3VMwDR0vcja10Q+ Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+ RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G 5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0 qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y F1ON0ONekDZkGJsDoS6QdiUSn8RZ2mHArGEWMV00EV5DCIbCXRvywXV43ckx8Z+3 B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O v6rDpkeNksZ9fFSyoY2o =ECSj -----END PGP SIGNATURE-----
On 12/15/20 5:41 AM, hberaud wrote:
+1 from my side.
As discussed yesterday with Luigi (tosky) it makes sense to me to host that under the Oslo scope, however I would appreciate to get feedback from other Oslo team members before doing anything.
Even if this project seems stable we still need to continue to maintain the current code base to keep the code up-to-date and compatible with the next Python versions.
Concerning the "release" point of view of this topic, if this project is stable enough I think we can adopt directly the release independent model [1]. It would help us to reduce the maintenance related to stable branches (backport fixes etc...). Do you have any opinion on this?
I agree that the release independent model makes sense for this library.
Hervé
[1] https://releases.openstack.org/reference/release_models.html#independent <https://releases.openstack.org/reference/release_models.html#independent>
Le mar. 15 déc. 2020 à 06:01, Brian Rosmaita <rosmaita.fossdev@gmail.com <mailto:rosmaita.fossdev@gmail.com>> a écrit :
Hello Oslo Team,
Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive <https://opendev.org/x/cursive>
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0].
This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes.
I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't think this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure that should any bugfixes be required, there will be oslo team members who can approve the patches.
Thanks for thinking this over, brian
[0] http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html <http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html>
-- Hervé Beraud Senior Software Engineer at Red Hat irc: hberaud https://github.com/4383/ <https://github.com/4383/> https://twitter.com/4383hberaud <https://twitter.com/4383hberaud> -----BEGIN PGP SIGNATURE-----
wsFcBAABCAAQBQJb4AwCCRAHwXRBNkGNegAALSkQAHrotwCiL3VMwDR0vcja10Q+ Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+ RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G 5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0 qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y F1ON0ONekDZkGJsDoS6QdiUSn8RZ2mHArGEWMV00EV5DCIbCXRvywXV43ckx8Z+3 B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O v6rDpkeNksZ9fFSyoY2o =ECSj -----END PGP SIGNATURE-----
+1 from my side. Thank you Brian for bringing this up!!! Thanks & Best Regards, Abhishek Kekane On Tue, Dec 15, 2020 at 6:59 PM Brian Rosmaita <rosmaita.fossdev@gmail.com> wrote:
On 12/15/20 5:41 AM, hberaud wrote:
+1 from my side.
As discussed yesterday with Luigi (tosky) it makes sense to me to host that under the Oslo scope, however I would appreciate to get feedback from other Oslo team members before doing anything.
Even if this project seems stable we still need to continue to maintain the current code base to keep the code up-to-date and compatible with the next Python versions.
Concerning the "release" point of view of this topic, if this project is stable enough I think we can adopt directly the release independent model [1]. It would help us to reduce the maintenance related to stable branches (backport fixes etc...). Do you have any opinion on this?
I agree that the release independent model makes sense for this library.
Hervé
[1] https://releases.openstack.org/reference/release_models.html#independent <
https://releases.openstack.org/reference/release_models.html#independent>
Le mar. 15 déc. 2020 à 06:01, Brian Rosmaita <rosmaita.fossdev@gmail.com <mailto:rosmaita.fossdev@gmail.com>> a écrit :
Hello Oslo Team,
Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive <
https://opendev.org/x/cursive>
The current cursive-core team entirely consists of members of the
Johns
Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0].
This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes.
I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't
think
this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure
that
should any bugfixes be required, there will be oslo team members who can approve the patches.
Thanks for thinking this over, brian
[0]
http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html
<
http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html>
-- Hervé Beraud Senior Software Engineer at Red Hat irc: hberaud https://github.com/4383/ <https://github.com/4383/> https://twitter.com/4383hberaud <https://twitter.com/4383hberaud> -----BEGIN PGP SIGNATURE-----
wsFcBAABCAAQBQJb4AwCCRAHwXRBNkGNegAALSkQAHrotwCiL3VMwDR0vcja10Q+ Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+ RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G 5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0 qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y F1ON0ONekDZkGJsDoS6QdiUSn8RZ2mHArGEWMV00EV5DCIbCXRvywXV43ckx8Z+3 B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O v6rDpkeNksZ9fFSyoY2o =ECSj -----END PGP SIGNATURE-----
On Mon, 2020-12-14 at 23:53 -0500, Brian Rosmaita wrote:
Hello Oslo Team,
Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0].
This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes.
I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't think this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure that should any bugfixes be required, there will be oslo team members who can approve the patches.
Thanks for thinking this over, brian
No issues from my perspective, fwiw. Stephen
[0] http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html
On 2020-12-14 23:53:39 -0500 (-0500), Brian Rosmaita wrote: [...]
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [...] I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. [...]
Purely from a logistics perspective, it would be good to get the permission of at least one of the current core reviewers, preferably by having them include oslo-core into their core group. Right now it's an independently developed project within the OpenDev Collaboratory, and OpenStack lacks the authority to just "take over" a non-OpenStack project without first making sure that's okay with the prior authors. -- Jeremy Stanley
On 12/15/20 11:56 AM, Jeremy Stanley wrote:
On 2020-12-14 23:53:39 -0500 (-0500), Brian Rosmaita wrote: [...]
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [...] I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. [...]
Purely from a logistics perspective, it would be good to get the permission of at least one of the current core reviewers, preferably by having them include oslo-core into their core group. Right now it's an independently developed project within the OpenDev Collaboratory, and OpenStack lacks the authority to just "take over" a non-OpenStack project without first making sure that's okay with the prior authors.
I'll reach out to the current cores (they are still at JHUAPL), but the library was in fact developed as an openstack project and was moved from the 'openstack' namespace into the 'x' space by this patch: https://opendev.org/x/cursive/commit/f8e9d5870fa7049df67c59204988767291f08ec... cheers, brian
On 2020-12-16 08:30:53 -0500 (-0500), Brian Rosmaita wrote:
On 12/15/20 11:56 AM, Jeremy Stanley wrote:
On 2020-12-14 23:53:39 -0500 (-0500), Brian Rosmaita wrote: [...]
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [...] I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. [...]
Purely from a logistics perspective, it would be good to get the permission of at least one of the current core reviewers, preferably by having them include oslo-core into their core group. Right now it's an independently developed project within the OpenDev Collaboratory, and OpenStack lacks the authority to just "take over" a non-OpenStack project without first making sure that's okay with the prior authors.
I'll reach out to the current cores (they are still at JHUAPL), but the library was in fact developed as an openstack project and was moved from the 'openstack' namespace into the 'x' space by this patch:
https://opendev.org/x/cursive/commit/f8e9d5870fa7049df67c59204988767291f08ec...
It was developed similarly to official OpenStack projects and (along with hundreds of other non-OpenStack projects) was hosted within the "openstack/" Git namespace in our Gerrit because we moved all projects into that namespace around the same time we ceased keeping a separate "stackforge/" namespace, but cursive was never officially under OpenStack governance. The change you mention is the result of the OpenStack TC choosing to evict non-OpenStack projects from that namespace during the big OpenDev reorganization, and not an indication that it was actually governed by OpenStack. If it were previously a deliverable of some official team, it would be listed in the reference/legacy.yaml file in the governance repository, but I've also double-checked the entire Git history for openstack/governance and see no evidence that it was ever under governance and somehow missed having its removal recorded there. -- Jeremy Stanley
On 12/16/20 11:36 AM, Jeremy Stanley wrote:
On 2020-12-16 08:30:53 -0500 (-0500), Brian Rosmaita wrote:
On 12/15/20 11:56 AM, Jeremy Stanley wrote:
On 2020-12-14 23:53:39 -0500 (-0500), Brian Rosmaita wrote: [...]
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [...] I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. [...]
Purely from a logistics perspective, it would be good to get the permission of at least one of the current core reviewers, preferably by having them include oslo-core into their core group. Right now it's an independently developed project within the OpenDev Collaboratory, and OpenStack lacks the authority to just "take over" a non-OpenStack project without first making sure that's okay with the prior authors.
I'll reach out to the current cores (they are still at JHUAPL), but the library was in fact developed as an openstack project and was moved from the 'openstack' namespace into the 'x' space by this patch:
https://opendev.org/x/cursive/commit/f8e9d5870fa7049df67c59204988767291f08ec...
It was developed similarly to official OpenStack projects and (along with hundreds of other non-OpenStack projects) was hosted within the "openstack/" Git namespace in our Gerrit because we moved all projects into that namespace around the same time we ceased keeping a separate "stackforge/" namespace, but cursive was never officially under OpenStack governance.
The change you mention is the result of the OpenStack TC choosing to evict non-OpenStack projects from that namespace during the big OpenDev reorganization, and not an indication that it was actually governed by OpenStack. If it were previously a deliverable of some official team, it would be listed in the reference/legacy.yaml file in the governance repository, but I've also double-checked the entire Git history for openstack/governance and see no evidence that it was ever under governance and somehow missed having its removal recorded there.
OK, thanks for the explanation and for doing some archaeological research. In the meantime, I (finally) noticed that barbican-core is an included group in cursive-core, so the situation is not as dire as I thought in terms of having someone around who can approve patches. I think cursive should be pulled into openstack governance, however. I'll restart the thread focused on that issue and include [barbican] in the subject line.
Based on the readme saying "The cursive project contains code extracted from various OpenStack projects for verifying digital signatures" and the fact that it's being used in multiple other projects it sounds like a perfect fit for Oslo. On 12/14/20 10:53 PM, Brian Rosmaita wrote:
Hello Oslo Team,
Nova, Glance, and Cinder all make use of the 'cursive' library for image-signature-validation. The library is currently in the 'x' namespace: https://opendev.org/x/cursive
The current cursive-core team entirely consists of members of the Johns Hopkins University Applied Physics Laboratory, which ended its involvement with OpenStack in July 2018 [0].
This leaves us in a position where three of the major openstack projects depend on a library to which no one currently around can approve code changes.
I'd like to propose that the cursive library be moved back to the 'openstack' namespace and be put under Oslo governance with the consuming teams sharing the maintenance of the library. I don't think this will make much new work for the Oslo team--the library has been very stable and hasn't changed in over 2 years--but it will ensure that should any bugfixes be required, there will be oslo team members who can approve the patches.
Thanks for thinking this over, brian
[0] http://lists.openstack.org/pipermail/openstack-dev/2018-July/131978.html
participants (6)
-
Abhishek Kekane
-
Ben Nemec
-
Brian Rosmaita
-
hberaud
-
Jeremy Stanley
-
Stephen Finucane