Open Stack

-----Original Message-----
From: Sean Dague <sean at dague.net>
Reply: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Date: August 9, 2016 at 05:44:55
To: openstack-dev at lists.openstack.org <openstack-dev at lists.openstack.org>
Subject:  Re: [openstack-dev] [requirements] History lesson please

> On 08/09/2016 02:38 AM, Tony Breeds wrote:
> > Hi all,
> > I guess this is aimed at the long term requirements team members.
> >
> > The current policy for approving requirements[1] bumps contains the following text:  
> >
> > Changes to update the minimum version of a library developed by the
> > OpenStack community can be approved by one reviewer, as long as the
> > constraints are correct and the tests pass.
> >
> > Perhaps I'm a little risk adverse but this seems a little strange to me. Can
> > folks that know more about how this came about help me understand why that is?
> >
> > Yours Tony.
> >
> > [1] https://github.com/openstack/requirements/blob/master/README.rst#for-upgrading-requirements-versions  
>  
> With constraints, the requirements minimum bump is pretty low risk. Very
> little of our jobs are impacted by it.
>  
> It's in many ways more risking to leave minimums where they are and bump
> constraints, because the minimums could be lying that they still work at
> the lower level.
>  
> -Sean

I maintain a few libraries outside of OpenStack that have generous lower limits and testing them is resource intensive both as a developer and in continuous integration. I'd love to see OpenStack be *more* aggressive about the oldest version it supports because in most cases I severely distrust the version ranges we use. I do recognize, however, that we have to coordinate with some distributions that will not update their packaged versions (which are often an old version number with security patches poorly cherry-picked). So you may need to coordinate with them before bumping version minimums as well.

--  
Ian Cordasco