It's just an extension, shouldn't be treated differently as long as it follow the rules and regulations.
1. Bp 2. Spec (identity-api) 3. Server-side changes (keystone) 4. Client-side changes if any (python-keystoneclient) If OpenStack security community is participating in the code reviews, that would even be awesomer. Guang From: Adam Young [mailto:[email protected]] Sent: Wednesday, August 14, 2013 6:24 AM To: [email protected] Subject: Re: [openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse? On 08/13/2013 06:20 PM, Dolph Mathews wrote: With regard to: https://blueprints.launchpad.net/keystone/+spec/key-distribution-server During today's project status meeting [1], the state of KDS was discussed [2]. To quote ttx directly: "we've been bitten in the past with late security-sensitive stuff" and "I'm a bit worried to ship late code with such security implications as a KDS." I share the same concern, especially considering the API only recently went up for formal review [3], and the WIP implementation is still failing smokestack [4]. Since KDS is a security tightening in acase where there is no security at all, adding it in can only improve security. It is a relatively simple extension from the keystone side. THe corresponding change is in the client, and that has already merged. I'm happy to see the reviews in question continue to receive their fair share of attention over the next few weeks, but can (and should?) merging be delayed until icehouse while more security-focused eyes have time to review the code? Ceilometer and nova would both be affected by a delay, as both have use cases for consuming trusted messaging [5] (a dependency of the bp in question). Thanks for you feedback! [1]: http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-mee ting.2013-08-13.log [2]: http://paste.openstack.org/raw/44075/ [3]: https://review.openstack.org/#/c/40692/ [4]: https://review.openstack.org/#/c/37118/ [5]: https://blueprints.launchpad.net/oslo/+spec/trusted-messaging _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
