openstack team mailing list archive

Thread
Date

Re: New build dependency on keyring

To: Ken Thomas <krt@xxxxxxxxxxxxx>
From: Sam Morrison <sorrison@xxxxxxxxx>
Date: Thu, 13 Dec 2012 09:46:37 +1100
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <50C8C290.8080205@yahoo-inc.com>

My question is what does this extra dependancy give us apart from extra complexity?

I can't see any enhancement in security with this method?

Cheers,
Sam



On 13/12/2012, at 4:44 AM, Ken Thomas <krt@xxxxxxxxxxxxx> wrote:

> Greetings all!
> 
> I'm look into using keyring as a way to (optionally) remove clear text passwords from the various config files. (See https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.)
> 
> One of the comments I got back is that I should have the oslo build dependency on keyring be optional until a consensus is reached that it's okay to add it.  I see that keystoneclient is already doing an "import keyring" and catching the exception if it's not there. I can certainly do something similar, but it seems like it would simplify things if we did just have keyring as a regular hard dependency. You don't have to use it, but it's there if you want it.
> 
> So, is this the proper forum to bring this up?
> 
> And if so, can we start the ball rolling to get a decision on getting that dependency approved?
> 
> Thanks,
> 
> Ken
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: New build dependency on keyring
From: Ken Thomas, 2012-12-12

References

New build dependency on keyring
From: Ken Thomas, 2012-12-12