On a related and slightly less problematic case is another one like this...
https://github.com/rholder/retrying/issues/11 On Sep 17, 2014, at 8:15 AM, Thomas Goirand <[email protected]> wrote: > Hi, > > I'm horrified by what I just found. I have just found out this in > glanceclient: > > File "<bla>/tests/test_ssl.py", line 19, in <module> > from requests.packages.urllib3 import poolmanager > ImportError: No module named packages.urllib3 > > Please *DO NOT* do this. Instead, please use urllib3 from ... urllib3. > Not from requests. The fact that requests is embedding its own version > of urllib3 is an heresy. In Debian, the embedded version of urllib3 is > removed from requests. > > In Debian, we spend a lot of time to "un-vendorize" stuff, because > that's a security nightmare. I don't want to have to patch all of > OpenStack to do it there as well. > > And no, there's no good excuse here... > > Thomas Goirand (zigo) > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
