[openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse?

Dolph Mathews dolph.mathews at gmail.com
Tue Aug 13 22:20:22 UTC 2013


With regard to:
https://blueprints.launchpad.net/keystone/+spec/key-distribution-server

During today's project status meeting [1], the state of KDS was discussed
[2]. To quote ttx directly: "we've been bitten in the past with late
security-sensitive stuff" and "I'm a bit worried to ship late code with
such security implications as a KDS." I share the same concern, especially
considering the API only recently went up for formal review [3], and the
WIP implementation is still failing smokestack [4].

I'm happy to see the reviews in question continue to receive their fair
share of attention over the next few weeks, but can (and should?) merging
be delayed until icehouse while more security-focused eyes have time to
review the code?

Ceilometer and nova would both be affected by a delay, as both have use
cases for consuming trusted messaging [5] (a dependency of the bp in
question).

Thanks for you feedback!

[1]:
http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log
[2]: http://paste.openstack.org/raw/44075/
[3]: https://review.openstack.org/#/c/40692/
[4]: https://review.openstack.org/#/c/37118/
[5]: https://blueprints.launchpad.net/oslo/+spec/trusted-messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130813/52f96776/attachment.html>


More information about the OpenStack-dev mailing list