On 10/8/2015 4:21 AM, Julien Danjou wrote:
On Wed, Oct 07 2015, Matt Riedemann wrote:
2. Backport the oslo.utils change to a stable branch, release it as a patch
release, bump minimum required version in stable g-r and then backport the nova
change and depend on the backported oslo.utils stable release - which also
makes it a dependent library version bump for any packagers/distros that have
already frozen libraries for their stable releases, which is kind of not fun.
You should not need to bump the minimum version in g-r. The minimum
version there should be the minimal version to have working code.
If you start bumping dependencies or dependencies of dependencies each
time they release because a bug or a security issue is fixed, it's going
to a never ending useless job.
When you're an operator, you know you need to always run the latest
stable version of the things you have in prod' to have all the fixes.
That's common good sense.
I don't know how many operators are tracking patch releases of
dependencies on stable branches unless there is a new minimum
requirement on those, especially if they aren't getting their updates
from a distro provider. So while nova wouldn't be broken w/o the patched
oslo.utils on stable, the OSSA wouldn't be fixed in that case.
--
Thanks,
Matt Riedemann
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev