On 03/03/2014 02:23 PM, Sean Dague wrote: > On 03/03/2014 12:56 PM, Tristan Cacqueray wrote: >> On 02/28/2014 07:52 PM, david.co...@oracle.com wrote: >>>> OpenStack Security Advisory: 2014-005 >>>> CVE: CVE-2013-6396 >>>> Date: February 17, 2014 >>>> Title: Missing SSL certificate check in Python Swift client >>>> Reporter: Thomas Leaman (HP) >>>> Products: python-swiftclient >>>> Versions: 1.0 version up to 1.9.0 >>> >>>> python-swiftclient fix (included in 2.0 release): >>>> https://review.openstack.org/#/c/69187 >>> >>> I understand why the fix is specific to the 2.x branch >>> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21) >>> but does anyone know how compatible this version of python-swiftclient >>> is with Grizzly? In particular, both Glance and Horizon from Grizzly >>> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and >>> later the upper-bound was removed. >> >> Hi David, >> >> the bump to 2.x included some API changes (in method parameters and CLI >> options), and "may" works for grizzly. >> >> For the record, I just tested 2.x branch against grizzly, and basics >> commands worked as expected (list, upload, download). >> >> Best regards, >> Tristan > > 2.x isn't grizzly compatible, we ran into substantial issues with the > swift cli which made us dump a bunch of the swift tests in the gate to > stop blocking stable/havana code from moving forward. > > -Sean > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > are you relying on us (packagers) to change the version requirements to <= 2.0 instead of < 2.0? I would like to get this fixed for grizzly in Gentoo as well.
-- -- Matthew Thode (prometheanfire)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack