[requirements][requests] security update for requests in stable branches
Jeremy Stanley
fungi at yuggoth.org
Fri Feb 15 18:17:12 UTC 2019
On 2019-02-15 13:06:21 -0500 (-0500), Jim Rollenhagen wrote:
[...]
> I know openstack-ansible and kolla both (optionally?) deploy from source,
> so maybe it's time to start talking about it. Or should those projects
> handle security fixes themselves when deploying from source?
If they're aggregating non-OpenStack software (that is, acting as a
full software distribution) then they ought to be tracking and
managing vulnerabilities in that software. I don't see that as being
the job of the Requirements team to manage it for them. This is
especially true in cases where the output is something like server
or container images which include plenty of other software not even
tracked by the requirements repository at all, any of which could
have security vulnerabilities as well.
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190215/73125502/attachment.sig>
More information about the openstack-discuss
mailing list