[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

Fox, Kevin M Kevin.Fox at pnnl.gov
Mon Jan 16 20:21:02 UTC 2017


IMO, this is why the big tent has been so damaging to OpenStack's progress. Instead of lifting the commons up, by requiring dependencies on other projects, thereby making them commonly deployed and high quality, post big tent, each project reimplements just enough to get away with making something optional, and then the commons, and OpenStack as a whole, suffer. This behavior MUST STOP if OpenStack is to make progress again. Other projects, such as Kubernetes, are making tremendous progress because they are not hamstrung by one component trying desperately not to depend on another when the dependency is appropriate. They enhance the existing component until it's suitable and the whole project benefits. Yes, as an isolated dev, the behavior to make deps optional seems to make sense. But as a whole, OpenStack is suffering and will become increasingly irrelevant moving forward if the current path is continued. Please, please reconsider what the current stance on dependencies is doing to the community. This problem is not just isolated to Barbican, but lots of other projects as well. We can either help pull each other up, or we can step on each other to try and get "on top". I'd rather we help each other rather than the destructive path we seem to be on.

My 2 cents.
Kevin

________________________________________
From: Chris Friesen [chris.friesen at windriver.com]
Sent: Monday, January 16, 2017 9:25 AM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

On 01/16/2017 10:31 AM, Rob C wrote:

> I think the main point has already been hit on, developers don't want to
> require that Barbican be deployed in order for their service to be
> used.

I think that this is a perfectly reasonable stance for developers to take.  As
long as Barbican is an optional component, then making your service depend on it
has a good chance of limiting your potential install base.

Given that, it seems like the ideal model from a security perspective would be
to use Barbican if it's available at runtime, otherwise use something else...but
that has development and maintenance costs.

Chris
