On 09/19/2013 04:30 PM, Mark McLoughlin wrote:
On Thu, 2013-09-19 at 15:22 -0500, Dolph Mathews wrote:
On Thu, Sep 19, 2013 at 2:59 PM, Adam Young <[email protected]> wrote:
I can submit a summit proposal. I was thinking of making it
more general than just the Policy piece. Here is my proposed
session. Let me know if it rings true:
Title: Extracting Shared Libraries from incubator
Some of the security-sensitive code in OpenStack is coped into
various projects from Oslo-Incubator. If there is a CVE
identified in one of these pieces, there is no rapid way to
update them short of syncing code to all projects. This
meeting is to identify the pieces of Oslo-incubator that
should be extracted into stand alone libraries.
I believe the goal of oslo-incubator IS to spin out common code into
standalone libraries in the long run, as appropriate.
Indeed.
https://wiki.openstack.org/wiki/Oslo
Mission Statement:
To produce a set of python libraries containing code shared by
OpenStack projects
https://wiki.openstack.org/wiki/Oslo#Incubation
Incubation shouldn't be seen as a long term option for any API - it
is merely a stepping stone to inclusion into a published Oslo
library.
Thanks for the link. In Keystone, We've identified policy.py
specifically as a candidate.
Some of the code would be best reviewed by members of other
projects: Network specific code by Neutron, Policy by
Keystone, and so forth. As part of the discussion, we will
identify a code review process that gets the right reviewers
for those subprojects.
It sounds like the real goal is "how do we get relevant/interested
reviewers in front of oslo reviews without overloading them with
noise?" I'm sure that's a topic that Mark already has an opinion on,
so I've opened this thread this to openstack-dev.
To take the specific example of the policy API, if someone actively
wanted to help the process of moving it into a standalone library should
volunteer to help Flavio out as a maintainer:
https://git.openstack.org/cgit/openstack/oslo-incubator/tree/MAINTAINERS
== policy ==
M: Flavio Percoco <[email protected]>
S: Maintained
F: policy.py
Would it make sense to explicitly add Keystone developers, or can we
include the launchpad keystone-core group to this module?
If we want to keep it per user, I'm willing to do so, and I think we
have a couple of other likely candidates from Keystone: I'll let then
speak up for themselves.
Should we submit the names as review requests against the MAINTAINERS
file in that repo?
Another aspect is how someone would go about helping do reviews on a
specific API in oslo-incubator. That's a common need - e.g. for
maintainers of virt drivers in Nova - and AIUI, these folks just
subscribe to all gerrit notifications for the module and then use mail
filters to make sure they see changes to the files they're interested
in.
Thanks,
Mark.
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
