[openstack-dev] [horizon] static files handling, bower/
openstack at sheep.art.pl
Wed Jan 21 08:28:02 UTC 2015
On 21/01/15 09:21, david.comay at oracle.com wrote:
>> As for our work and updates, using system-wide packages is an excellent
>> solution in this regard, as we get maintenance and updates for free. For
>> libraries, we don't need to patch Horizon -- the patch that is prepared
>> for that specific library and applied system-wide is sufficient.
> But for distributions that package Horizon itself, don't they
> effectively need to patch Horizon? Namely, don't they need to install
> address the security issue and then they need to rebuild Horizon itself
> even if there are no Horizon source code changes.
> From a Horizon end-user perspective who relies on the distribution's
> packages to get Horizon, they'll get the security fix but it seems
> distributors will still need to rebuild and deliver Horizon for every
> some other method.
No, why would they? They don't copy the static files into the Horizon's
package. That's the whole point, Horizon only has paths to them. The
files themselves are provided by the system-wide packages.
More information about the OpenStack-dev