Hi, This change (https://review.openstack.org/#/c/383493/) makes certificates request to magnum_api insecure since is a common use case. In swarm drivers, the make-cert.py script is in python whereas in K8s for CoreOS and Atomic, it is a shell script. I wanted to make the change (https://review.openstack.org/#/c/430755/) but it gets flagged by bandit because of python requests pacakage insecure TLS. I know that we should supports Custom CA in the futur but if right now (and according to the previous merged change) insecure request are by default, what should we do ? Do we disable bandit for the the swarm drivers ? Or do you use the same scripts (and keep it as simple as possible) for all the drivers, possibly without python as it is not included in CoreOS. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170210/47e405b0/attachment.pgp>