On 17/01/17 09:21, Fox, Kevin M wrote: > IMO, This is why the big tent has been so damaging to OpenStack's progress. > Instead of lifting the commons up, by requiring dependencies on other > projects, there by making them commonly deployed and high quality, post big > tent, each project reimplements just enough to get away with making something > optional, and then the commons, and OpenStack as a whole suffers. This > behavior MUST STOP if OpenStack is to make progress again. Other projects, > such as Kubernetes are making tremendous progress because they are not > hamstrung by one component trying desperately not to depend on another when > the dependency is appropriate. They enhance the existing component until its > suitable and the whole project benefits. Yes, as an isolated dev, the > behavior to make deps optional seems to make sense. But as a whole, OpenStack > is suffering and will become increasingly irrelevant moving forward if the > current path is continued. Please, please reconsider what the current stance > on dependencies is doing to > the community. This problem is not just isolated to barbican, but lots of > other projects as well. We can either help pull each other up, or we can step > on each other to try and get "on top". I'd rather we help each other rather > then the destructive path we seem to be on. + 100
As the PTL of Zaqar, I know some projects using agent are reluctant to leverage Zaqar to resolve potential security/communication issues. As a result, customer/deployer don't want to deploy the project. So that said, a new dependency may make the deployment harder, but sometimes without the support/benefit from the other services, that project may won't be on the list unless you reimplement the wheel. > My 2 cents. > Kevin > > ________________________________________ > From: Chris Friesen [chris.frie...@windriver.com] > Sent: Monday, January 16, 2017 9:25 AM > To: openstack-dev@lists.openstack.org > Subject: Re: [openstack-dev] [all] [barbican] [security] Why are projects > trying to avoid Barbican, still? > > On 01/16/2017 10:31 AM, Rob C wrote: > >> I think the main point has already been hit on, developers don't want to >> require that Barbican be deployed in order for their service to be >> used. > I think that this is a perfectly reasonable stance for developers to take. As > long as Barbican is an optional component, then making your service depend on > it > has a good chance of limiting your potential install base. > > Given that, it seems like the ideal model from a security perspective would be > to use Barbican if it's available at runtime, otherwise use something > else...but > that has development and maintenance costs. > > Chris > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Cheers & Best regards, FeiLong Wang (王飞龙) -------------------------------------------------------------------------- Senior Cloud Software Engineer Tel: +64-48032246 Email: flw...@catalyst.net.nz Catalyst IT Limited Level 6, Catalyst House, 150 Willis Street, Wellington -------------------------------------------------------------------------- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
