[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?
Chris Dent
cdent+os at anticdent.org
Mon Jan 16 15:09:50 UTC 2017
On Mon, 16 Jan 2017, Ian Cordasco wrote:
> I really want to understand why so many projects feel the need to
> implement their own secrets storage. This seems a bit short-sighted
> and foolish. While these projects are making themselves easier to
> deploy, if not done properly they are potentially endangering their
> users and that seems like a bigger problem than deploying Barbican to
> me.
What I've heard in the past is that no one wants to rely on
something that they cannot guarantee will be present in a
deployment. The debate surrounding what ought to be guaranteed in a
deployment is part of what inspired the notion of a "base services"
which is a topic up for proposal in the architecture working group:
https://review.openstack.org/#/c/419397/
(In other words: yeah, important topic.)
--
Chris Dent ¯\_(ツ)_/¯ https://anticdent.org/
freenode: cdent tw: @anticdent
More information about the OpenStack-dev
mailing list