[oslo][requirements] Bandit Strategy

Jeremy Stanley fungi at yuggoth.org
Wed May 15 17:20:04 UTC 2019


On 2019-05-15 12:52:05 -0400 (-0400), Doug Hellmann wrote:
> Moises Guimaraes de Medeiros <moguimar at redhat.com> writes:
> 
> > Doug, they pass now, and might fail once 1.6.1 is out and the behavior is
> > not fixed, but that will probably need a recheck on a passed job. The -W
> > would be just a reminder not to merge them by mistake.
> 
> Oh, I guess I assumed we would only be going through this process for
> repos that are broken. It makes sense to be consistent across all of
> them, though, if that was the goal.

Only doing it for projects which actually hit that problem seems
like a reasonable approach, since we don't expect them to all
coordinate on a common version of static analyzers and linters
anyway (hence bandit being in the constraints blacklist to start
with).
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190515/9d546783/attachment.sig>


More information about the openstack-discuss mailing list