[openstack-dev] [nova] To rootwrap or piggyback privsep helpers?

Thierry Carrez thierry at openstack.org
Thu Jan 26 09:08:52 UTC 2017


Michael Still wrote:
> I think #3 is the right call for now. The person we had working on
> privsep has left the company, and I don't have anyone I could get to
> work on this right now. Oh, and we're out of time.

Yes, as much as I'm an advocate of privsep adoption, I don't think the
last minutes before feature freeze are the best moment to introduce a
single isolated privsep-backed command in Nova. So I'd recommend #3.

In an ideal world, Nova would start migrating existing commands early in
Pike so that in the near future, adding new privsep-backed commands
doesn't feel so alien.

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list