Open Stack

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 13/11/14 18:17, stuart.mclaren at hp.com wrote:
> All,
> 
> The 0.1.9 version of glance_store, and glance's master branch both 
> contain some fixes for the Swift multi-tenant store.
> 
> This security related change hasn't merged to glance_store yet: 
> https://review.openstack.org/130200
> 
> I'd like to suggest that we try to merge this security fix and
> release it as as glance_store '0.1.10'. Then make glance's
> juno/stable branch rely on glance_store '0.1.10' so that it picks
> up both the multi-tenant store and security fixes.

So you're forcing all stable branch users to upgrade their
glance_store module, with a version that includes featureful patches,
which is not nice.

I think those who maintain glance_store module in downstream
distributions will cherry-pick the security fix into their packages,
so there is nothing to do in terms of stable branches to handle the
security issue.

Objections?

> 
> The set of related glance stable branch patches would be: 
> https://review.openstack.org/134257 
> https://review.openstack.org/134286 
> https://review.openstack.org/134289/ (0.1.10 dependency -- also
> requires a global requirements change)
> 
> Does this seem ok?
> 
> -Stuart
> 
> _______________________________________________ OpenStack-dev
> mailing list OpenStack-dev at lists.openstack.org 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQEcBAEBCgAGBQJUZOouAAoJEC5aWaUY1u57aFMIAM2uhUPOLfBqNneKO89Kv3tU
uE5+JP3Oh7pSCwCgw+fgnxraG9jb5QjpV8rCHewvFpyWQKwsstmNjdMeryRIX1Hn
TZ42mSFUWkjDBJ/cvP2QyLXt2Il93xtqaAcLxo9enHUBR4F2lUCaZK0sm8jLkIFf
TYv9jaf5QwjIWD7VO51HibwoH4f2laJv4r8MbIuyQoUpMlKpeWzmETqm5NrIUCp+
Acvbxo0EaRgAhWRIfHmFtudVjeirjc6vG9yjxFwaObYODb3sridcnr5IOBwP8jrI
1WExsAPTMU6ut2j2pABxIc0PnYAcW1uzc8w4/oPMUp0rZsaQfveCH/mRA0QnqrQ=
=j14y
-----END PGP SIGNATURE-----