[openstack-dev] [nova] To rootwrap or piggyback privsep helpers?
Thierry Carrez
thierry at openstack.org
Thu Jan 26 09:08:52 UTC 2017
Michael Still wrote:
> I think #3 is the right call for now. The person we had working on
> privsep has left the company, and I don't have anyone I could get to
> work on this right now. Oh, and we're out of time.
Yes, as much as I'm an advocate of privsep adoption, I don't think the
last minutes before feature freeze are the best moment to introduce a
single isolated privsep-backed command in Nova. So I'd recommend #3.
In an ideal world, Nova would start migrating existing commands early in
Pike so that in the near future, adding new privsep-backed commands
doesn't feel so alien.
--
Thierry Carrez (ttx)
More information about the OpenStack-dev
mailing list