<div dir="ltr"><div>Hi folks, in particular operators...</div><div><br></div><div>We discussed yesterday during the nova meeting [1] about our stable branches and eventually, we were wondering whether we should EOL [2] the stable/train branch for Nova.</div><div><br></div><div>Why so ? Two points :</div><div>1/ The gate is failing at the moment for the branch.</div><div>2/ Two CVEs (<span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none">CVE-2022-47951 [3] and </span>CVE-2023-2088 [4]) aren't fixed in this branch.</div><div><br></div><div>It would be difficult to fix the CVEs in the upstream branch but hopefully AFAIK all the OpenStack distros already fixed them for their related releases that use Train.</div><div><br></div><div>So, any concerns ? TBH, I'm not really happy with EOL, but it would be bizarre if we say "oh yeah we support Train backports" but we don't really fix the most important issues...</div><div><br></div><div>-Sylvain (who will propose the train-eol tag change next week if he doesn't see any concern before)<br></div><div><br></div><div>[1] <a href="https://meetings.opendev.org/meetings/nova/2023/nova.2023-05-23-16.01.log.html#l-152">https://meetings.opendev.org/meetings/nova/2023/nova.2023-05-23-16.01.log.html#l-152</a></div><div>[2] <a href="https://docs.openstack.org/project-team-guide/stable-branches.html#end-of-life">https://docs.openstack.org/project-team-guide/stable-branches.html#end-of-life</a></div><div>[3] <a href="https://security.openstack.org/ossa/OSSA-2023-002.html">https://security.openstack.org/ossa/OSSA-2023-002.html</a></div><div>[4] <a href="https://security.openstack.org/ossa/OSSA-2023-003.html">https://security.openstack.org/ossa/OSSA-2023-003.html</a></div></div>