[openstack-dev] We should move strutils.mask_password back into oslo-incubator

Matt Riedemann mriedem at linux.vnet.ibm.com
Thu Oct 8 13:58:06 UTC 2015



On 10/8/2015 4:21 AM, Julien Danjou wrote:
> On Wed, Oct 07 2015, Matt Riedemann wrote:
>
>> 2. Backport the oslo.utils change to a stable branch, release it as a patch
>> release, bump minimum required version in stable g-r and then backport the nova
>> change and depend on the backported oslo.utils stable release - which also
>> makes it a dependent library version bump for any packagers/distros that have
>> already frozen libraries for their stable releases, which is kind of not fun.
>
> You should not need to bump the minimum version in g-r. The minimum
> version there should be the minimal version to have working code.
>
> If you start bumping dependencies or dependencies of dependencies each
> time they release because a bug or a security issue is fixed, it's going
> to a never ending useless job.
>
> When you're an operator, you know you need to always run the latest
> stable version of the things you have in prod' to have all the fixes.
> That's common good sense.
>

I don't know how many operators are tracking patch releases of 
dependencies on stable branches unless there is a new minimum 
requirement on those, especially if they aren't getting their updates 
from a distro provider. So while nova wouldn't be broken w/o the patched 
oslo.utils on stable, the OSSA wouldn't be fixed in that case.

-- 

Thanks,

Matt Riedemann




More information about the OpenStack-dev mailing list