Simo Sorce wrote: > On Wed, 2013-08-14 at 12:35 -0300, Thierry Carrez wrote: >> Simo Sorce wrote: >>>> During today's project status meeting [1], the state of KDS was >>>> discussed [2]. To quote ttx directly: "we've been bitten in the past >>>> with late security-sensitive stuff" and "I'm a bit worried to ship >>>> late code with such security implications as a KDS." >>> >>> Is ttx going to review any "security implications" ? The code does not >>> mature just because is sit there untouched for more or less time. >> >> This is me wearing my vulnerability management hat on. The trick is that >> we (the VMT) have to support security issues for code that will be >> shipped in stable/havana. The most embarrassing security issues we had >> in the past were with code that didn't see a fair amount of time in >> master before we had to start supporting it. >> >> So for us there is a big difference between landing the KDS now and have >> it security-supported after one month of usage, and landing it in a few >> weeks and have it security-supported after 7 months of usage. After 7 >> months I'm pretty sure most of the embarrassing issues will be ironed out. >> >> I don't really want us to repeat the mistakes of the past where we >> shipped really new code in keystone that ended up not really usable, but >> which we still had to support security-wise due to our policy. >> >> By "security implications", I mean that this is a domain (like, say, >> token expiration) where even basic bugs can easily create a >> vulnerability. We just don't have the bandwidth to ship an embargoed >> security advisory for every bug that will be found in the KDS one month >> from now. > > I understand and appreciate that, so are you saying you want to veto KDS > introduction in Havana on this ground ?
It's more of a trade-off: I want the benefits to exceed the drawbacks. Since I see this drawback, I'd like to understand the benefits so that we can collectively make the good trade-off... Does this really need to be in havana and why ? Or is it preferable to have it really early in icehouse ? Note that I can't really "veto" anything as long as the PTL wants it in :) >> Are you saying it won't have significantly less issues in 7 months just >> by the virtue of being landed in master and put into use in various >> projects ? Or that it was so thoroughly audited that my fears are >> unwarranted ? > > Bugs can always happen, and whether 7 month of being used in development > makes a difference when it comes to security relevant bugs I can't say. > I certainly am not going to claim my work flawless, I know better than > that :) Damn, you escaped my trap :) -- Thierry Carrez (ttx) _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
