[all][requirements][stable] requests version bump on stable branches {pike|queens} for CVE-2018-18074

Matthew Thode mthode at mthode.org
Wed May 22 22:12:16 UTC 2019


On 19-05-22 23:52:47, Dirk Müller wrote:
> Hi Matthew,
> 
> > 2. add a new file, let's call it 'security-updates.txt'
> 
> maybe better call it updates-for-known-insecure-versions.txt ;-)
> 
> >   b. the file needs to maintain co-installability of openstack.  It is
> >      laid over the upper-constraints file and tested the same way
> >      upper-constraints is.  This testing is NOT perfect.  The generated
> >      file could be called something like
> >      'somewhat-tested-secureconstraints.txt'
> 
> coinstallability is a problem, but I think it's not the main one. But I
> agree we can try that.
> 
> > This also sets up increased work and scope for the requirements team.
> > Perhaps this could be a sub team type of item or something?
> 
> Allowing for additions there doesn't immediately increase work, unless
> there is somebody actually proposing a change to review, that is. It
> doesn't make the team magically fulfill the promise - the policy change
> would allow the review team to accept such a review as it is within
> policy.

These are all true, but even before changing anything we'd still have to
document the policy.  Perhaps that's the next step.  Do you mind
generating a policy change and proposing it (to this thread) for review?

-- 
Matthew Thode