Open Stack

Wed Jun 5 16:27:09 UTC 2019

Agreed. There's probably an argument that we should cap bandit on stable 
branches anyway, but it would save us a lot of tedious patches if we 
just hope bandit doesn't break us again. :-)

On 6/5/19 11:16 AM, Herve Beraud wrote:
> I think that waiting the bandit release is a good idea
> 
> Le mer. 5 juin 2019 à 17:54, Jeremy Stanley <fungi at yuggoth.org 
> <mailto:fungi at yuggoth.org>> a écrit :
> 
>     On 2019-06-05 10:28:35 -0500 (-0500), Ben Nemec wrote:
>      > Since it seems we need to backport this to the stable branches
>     [...]
> 
>     You've probably been following along, but a fix for
>     https://github.com/PyCQA/bandit/issues/488 was merged upstream on
>     May 26, so now we're just waiting for a new release to be tagged. It
>     may make sense to spend some time lobbying them to accelerate their
>     release process if it means less time spent backporting exclusions
>     to a bazillion projects.
>     -- 
>     Jeremy Stanley
> 
> 
> 
> -- 
> Hervé Beraud
> Senior Software Engineer
> Red Hat - Openstack Oslo
> irc: hberaud
> -----BEGIN PGP SIGNATURE-----
> 
> wsFcBAABCAAQBQJb4AwCCRAHwXRBNkGNegAALSkQAHrotwCiL3VMwDR0vcja10Q+
> Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+
> RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP
> F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G
> 5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g
> glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw
> m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ
> hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0
> qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y
> F1ON0ONekDZkGJsDoS6QdiUSn8RZ2mHArGEWMV00EV5DCIbCXRvywXV43ckx8Z+3
> B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O
> v6rDpkeNksZ9fFSyoY2o
> =ECSj
> -----END PGP SIGNATURE-----
> 

Open Stack

[oslo] Bandit Strategy

OpenStack

Community

Documentation

Branding & Legal