[openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

Flavio Percoco flavio at redhat.com
Fri Nov 14 15:50:14 UTC 2014

On 14/11/14 11:25 +0000, stuart.mclaren at hp.com wrote:
>>>On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote:
>>>I think those who maintain the glance_store module in downstream
>>>distributions will cherry-pick the security fix into their
>>>packages, so there is nothing to do in terms of stable branches to
>>>handle the security issue.
>>As a counterargument, some Oslo libs have grown stable branches for
>>security backports and cut corresponding point releases on an
>>as-needed basis so as to avoid introducing new features in stable
>>server deployments.
>>Jeremy Stanley
>The current glance stable/juno requirement for glance_store is >= 0.1.1.
>If you run stable/juno against glance_store 0.1.1 and try
>to create an image, you get (multi-tenant store):


>Before glance_store was separated out it would have been straightforward
>to backport the relevant fixes to Glance's tightly coupled in-tree store code.
>I'm neutral on the mechanics, but I think we need to get to a point where
>if someone is running stable/juno and has a version of glance_store which
>satisfies what's specified in requirements.txt they should have secure,
>working code.

I think releasing glance_store now with the security fix is fine.
Distro packages will be updated as soon as 2014.2.1 is released and
the change introduced is backwards compatible.

FWIW, we're adapting glance_store's development to follow Oslo
libraries' policies even for releases and versioning.


Flavio Percoco