[openstack-dev] [Horizon] [all] django_openstack_auth potential release

David Lyle dklyle0 at gmail.com
Wed Apr 8 21:32:50 UTC 2015


django_openstack_auth is a library solely consumed by Horizon in OpenStack.
We've run into a potential requirements.txt issue.

Horizon recently added support for Django 1.7 (1.8 released in the last
week, but let's ignore that). The reasoning was that Django 1.6 the
previous cap is no longer supported by Django at all, even for security
fixes. After adding support, the global-requirements were updated [1] to
support an upper end cap of Django 1.7. All is good. Or maybe not.

So the global requirement and horizon repos now match:

Django>=1.4.2,<1.8

The current released version of django_openstack_auth is 1.1.9. And the
requirements.txt for that version states

Django>=1.4.2,<1.7

The worry that arose is what dependency problems does this raise for
deployers and distros? The 1.1.9 released version of django_openstack_auth
code actually supports Django 1.7 even though the requirements don't
include that version. But dependency negotiation may result in only 1.6
being used.

So we have a couple of options. First, leave django_openstack_auth at 1.1.9
and let deployers and distros rationalize which version of Django they want
to use and negotiate the dependency issues independently. Or second,
release a new version of django_openstack_auth and determine if we want to
fix the version django_openstack_auth in global-requirements.txt or leave
the upper cap unbound.

Given the late stage of the release I'm reluctant to release, but would
like to better understand the downstream implications of not doing so.

David

[1] https://review.openstack.org/#/c/155353/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150408/04e9e64d/attachment.html>


More information about the OpenStack-dev mailing list