[all][requirements][stable] requests version bump on stable branches {pike|queens} for CVE-2018-18074
Dirk Müller
dirk at dmllr.de
Wed May 22 21:52:47 UTC 2019
Hi Matthew,
> 2. add a new file, let's call it 'security-updates.txt'
maybe better call it updates-for-known-insecure-versions.txt ;-)
> b. the file needs to maintain co-installability of openstack. It is
> laid over the upper-constraints file and tested the same way
> upper-constraints is. This testing is NOT perfect. The generated
> file could be called something like
> 'somewhat-tested-secureconstraints.txt'
Coinstallability is a problem, but I think it's not the main one. But I
agree we can try that.
> This also sets up increased work and scope for the requirements team.
> Perhaps this could be a sub team type of item or something?
Allowing for additions there doesn't immediately increase work, unless
there is somebody actually proposing a change to review, that is. It
doesn't make the team magically fulfill the promise - the policy change
would allow the review team to accept such a review as it is within
policy.