[openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse?

Russell Bryant rbryant at redhat.com
Tue Aug 13 22:29:14 UTC 2013


On 08/13/2013 06:20 PM, Dolph Mathews wrote:
> With regard to:
> https://blueprints.launchpad.net/keystone/+spec/key-distribution-server
> 
> During today's project status meeting [1], the state of KDS was
> discussed [2]. To quote ttx directly: "we've been bitten in the past
> with late security-sensitive stuff" and "I'm a bit worried to ship late
> code with such security implications as a KDS." I share the same
> concern, especially considering the API only recently went up for formal
> review [3], and the WIP implementation is still failing smokestack [4].
> 
> I'm happy to see the reviews in question continue to receive their fair
> share of attention over the next few weeks, but can (and should?)
> merging be delayed until icehouse while more security-focused eyes have
> time to review the code?
> 
> Ceilometer and nova would both be affected by a delay, as both have use
> cases for consuming trusted messaging [5] (a dependency of the bp in
> question).

The longer this takes, the longer it is until we can make use of it.
However, at this point, deferring doesn't affect Nova much.  Landing at
the end of Havana vs the beginning of Icehouse doesn't change that
Icehouse would be the earliest Nova would start making use of it.

I would really like to see this as a priority to land ASAP in Icehouse
if it gets deferred.  Otherwise, other projects such as Nova can't make
any plans to build something with it in Icehouse, pushing this out yet
another 6 months.

-- 
Russell Bryant


