[dev][requirements][security-sig][tc]cryptography min version (non-rust) through 2024.1
Corey Bryant
corey.bryant at canonical.com
Tue Mar 7 19:28:23 UTC 2023
On Tue, Mar 7, 2023 at 12:30 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2023-03-07 11:19:26 -0500 (-0500), Corey Bryant wrote:
> [...]
> > The current upper-constraint for cryptography is 38.0.2, but the
> > various requirements.txt min versions are much lower (e.g.
> > keystone has cryptography>=2.7). This is likely to lead to patches
> > landing with features that are only in 38.0.2, so it will likely
> > be difficult to enforce min version support. But perhaps a stance
> > toward maintaining compatibility could be established.
> [...]
>
> While introducing specific tests for this would not be trivial,
> maybe it's one of those situations where we try to avoid breaking
> compatibility with older versions and don't reject patches when
> people find that something has inadvertently started depending on a
> feature only available in the Rust-based builds?
> --
> Jeremy Stanley
>
I'd be okay with an approach like this. Would this need to be formally
adopted by the TC?
Corey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230307/7cece63c/attachment.htm>
More information about the openstack-discuss
mailing list