[openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

Julien Danjou julien at danjou.info
Wed Mar 15 10:51:05 UTC 2017

On Mon, Mar 13 2017, Clint Byrum wrote:

> To me, Oslo is a bunch of libraries that encompass "the way OpenStack
> does XXXX". When XXXX is key management, projects are, AFAICT, universally
> using Castellan at the moment. So I think it fits in Oslo
> conceptually.

It would be cool if it could rather be "the way you can do XXX in
Python" rather than being too much OpenStack-centric. :)

> As far as what benefit there is to renaming it, the biggest one is
> divesting Castellan of the controversy around Barbican. There's no
> disagreement that explicitly handling key management is necessary. There
> is, however, still hesitance to fully adopt Barbican in that role. In
> fact I heard about some alternatives to Barbican, namely "Vault"[1] and
> "Tang"[2], that may be useful for subsets of the community, or could
> even grow into de facto standards for key management.
> So, given that there may be other backends, and the developers would
> like to embrace that, I see value in renaming. It would help, I think,
> Castellan's developers to be able to focus on key management and not
> have to explain to every potential user "no we're not Barbican's cousin,
> we're just an abstraction..".

I don't think the Castellan name is a problem in itself, because at
least to me it does not sound like it's Barbican specific. I'd prefer it
to be a Python generic library that supports an OpenStack project as one
of its drivers. So I'd hate to have it named oslo.foobar.

As far as moving it under the Oslo library, I understand that the point
would be to make a point stating that this library is not a
Barbican-specific solution etc. I think it addresses the problem in the
wrong… but pragmatic way.

What I think would be more interesting is to rename the _Barbican team_
to the "People-who-work-on-keychain-stuff team". That team would build 2
things, which are Barbican and Castellan (and maybe more later). That'd
make more sense than trying to fit everything in Oslo, and would also
help other projects to do the same thing in the future, and, maybe, one
day, alleviate the whole problem.

Other than that, sure, we can move it to Oslo I guess. :)

My 2c,

Julien Danjou
/* Free Software hacker
   https://julien.danjou.info */