Excerpts from Doug Wiegley's message of 2014-06-10 14:41:29 -0700: > Of what use is a database that randomly delete rows? That is, in effect, > what you’re allowing. > > The secrets are only useful when paired with a service. And unless I’m > mistaken, there’s no undo. So you’re letting users shoot themselves in the > foot, for what reason, exactly? How do you expect openstack to rely on a > data store that is fundamentally random at the whim of users? Every single > service that uses Barbican will now have to hack in a defense mechanism of > some kind, because they can’t trust that the secret they rely on will still > be there later. Which defeats the purpose of this mission statement: > "Barbican is a ReST API designed for the secure storage, provisioning and > management of secrets.” > > (And I don’t think anyone is suggesting that blind refcounts are the answer. > At least, I hope not.) > > Anyway, I hear this has already been decided, so, so be it. Sounds like > we’ll hack around it. >
Doug, nobody is calling Barbican "a database". It is a place to store secrets. The idea is to loosely couple things, and if you need more assurances, use something like Heat to manage the relationships. _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
