[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

Dave McCowan (dmccowan) dmccowan at cisco.com
Tue Jan 17 17:31:12 UTC 2017


On 1/17/17, 5:37 AM, "Thierry Carrez" <thierry at openstack.org> wrote:

>I think the focus question is an illusion, as Ed brilliantly explained
>in https://blog.leafe.com/openstack-focus/
>
>The issue here is that it's just a lot more profitable career-wise and a
>lot less risky to work first-level user-visible features like Machine
>Learning as a service, than it is to work on infrastructural services
>like Glance, Keystone or Barbican. Developers naturally prefer to go to
>shiny objects than to boring technology. As long as their corporate
>sponsors are happy with them ignoring critical services, that will
>continue. Saying that some of those things are not part of our
>community, while they are developed by our community, is sticking our
>heads in the sand.

This trend identified by Ed and Thierry is evident in the group of
Barbican contributors.  Many of our previously active contributors have
moved on to other projects.  There are some quality ideas in this thread.
I hope I'm just stating the obvious here: there are no Barbican
contributors waiting in the wings with extra cycles to develop them.

If a Vault plugin or cross-project fine-grained access controls are
important to you or your company, please help us out.  I promise the
community is open to new ideas, new developers, and new reviewers.




More information about the OpenStack-dev mailing list