Mon Mar 16 08:48:13 UTC 2020

On Fri, 2020-03-13 at 18:29 +0200, Ivan Kolodyazhny wrote:
> Hi team,
> I'm sorry for being too noisy, but I decided to tag TC to get more
> attention to the current Horizon situation.

Don't be sorry, it's good that you raise this point!

> We've got a bug reported by Kolla team two days ago [1]. We
> merged some workaround [2] and [3] yesterday. Thanks a lot to the
> Requirements team for the really quick merge! I appreciate it.
> For now, we've got horizon gates broken because those patches fix
> only devstack but not unit tests jobs.
> The root cause of this situation is pyScss package which is not
> maintained for the last two years. It's not a surprise to me that it
> doesn't work with the new setuptools. I'm really surprised that we've
> found this kind of bugs only now.

I suppose that we can't easily get rid of the dependency...

> Since I don't believe we can block new setuptools forever, I decided
> to fork pyScss [4] and django-pyscss [5] projects. I'm still not sure
> that I've done everything right with licensing and versioning, but it
> works now on my environment. Any help on these areas would be much
> appreciated. I proposed patches to requirements and horizon repos [6]
> to use new libraries.

I checked your repos, they are BSD and MIT licensed. Which means:
- Horizon didn't do anything wrong with using them in the first place
- Your fork can be used to use them
- We could make "your forks" projects on opendev.

I suppose you're not only calling to say that you're now maintainer,
but instead want to raise the fact that you're (now) the only
maintainer, and we need more folks to step up and help maintain...

> The reason I've tagged TC in the mail thread is described below.
> Horizon has a lot of too old and unmaintained libraries. I'm pretty
> sure that this is only one of the first issues with outdated
> dependencies which blocks horizon and other gates.

Is there a path forward to remove the usage of those dependencies, or
to change things? If we have a plan, it's (relatively) less hard to
point people to work on said plan to get help.

> I do understand why we've got this situation. Unfortunately, we don't
> have any full-time horizon developers in the community. Horizon is
> mostly in maintenance phase but not in active development.

Sadly, it can be said of multiple projects. I am definitely hoping that
Horizon will get the attention it deserves. Having a plan of
"renovation"/"renewal" of horizon might help, as said above.

> I would like to get more attention on this issue because we have to
> update all dependencies not because they are new, have new features
> and/or security fixes. We have to take care of our dependencies asap
> to avoid usage of unmaintained libraries to have the whole OpenStack
> and Horizon healthy.

Agreed. Do you have other dependencies that are at risk here for
horizon? Did you audit this recently?

> P.S. I'm sorry if this message is too rude or emotional, I really
> don't want to make it such one.

It's not rude or emotional. You're raising a good point.

> [1] https://bugs.launchpad.net/kolla/+bug/1866961
> [2] https://review.opendev.org/#/c/711930/
> [3] https://review.opendev.org/#/c/712777/
> [4] https://github.com/e0ne/pyScss/
> [5] https://github.com/e0ne/django-pyscss
> [6] https://review.opendev.org/#/q/status:open+topic:fix-pyscss

I think it might be worth splitting this email into multiple topics:
- Should we move pyScss and django-pyscss into opendev? (Do you want to
do it, or are you fine with your current fork right now?)
- How can we clean up the dependencies in horizon?
- Should Horizon be listed in the business opportunities, to have
someone to step up?
- Should the TC audit all the official projects to avoid usage of
unmaintained libraries?


