On 08/13/2013 06:20 PM, Dolph Mathews wrote: > With regard to: > https://blueprints.launchpad.net/keystone/+spec/key-distribution-server > > During today's project status meeting [1], the state of KDS was > discussed [2]. To quote ttx directly: "we've been bitten in the past > with late security-sensitive stuff" and "I'm a bit worried to ship > late code with such security implications as a KDS." I share the same > concern, especially considering the API only recently went up for > formal review [3], and the WIP implementation is still failing > smokestack [4]. Since KDS is a security tightening in acase where there is no security at all, adding it in can only improve security. It is a relatively simple extension from the keystone side. THe corresponding change is in the client, and that has already merged. > > I'm happy to see the reviews in question continue to receive their > fair share of attention over the next few weeks, but can (and should?) > merging be delayed until icehouse while more security-focused eyes > have time to review the code? > > Ceilometer and nova would both be affected by a delay, as both have > use cases for consuming trusted messaging [5] (a dependency of the bp > in question). > > Thanks for you feedback! > > [1]: > http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log > [2]: http://paste.openstack.org/raw/44075/ > [3]: https://review.openstack.org/#/c/40692/ > [4]: https://review.openstack.org/#/c/37118/ > [5]: https://blueprints.launchpad.net/oslo/+spec/trusted-messaging > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130814/2bfe82f9/attachment.html>