)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"406529849427e50c9ad02e208ba364608ead0d50","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"54f69837_19d50fd5","updated":"2026-05-11 21:30:29.000000000","message":"We should check available TLS versions early and boom if we don\u0027t have them.","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":5890,"name":"Doug Goldstein","email":"cardoe@cardoe.com","username":"cardoe"},"change_message_id":"8f0a54bae0f3a102b70da5a037d0c0b8ff0c6485","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":4,"id":"6ff5faa2_b014d6f6","updated":"2026-05-15 02:18:43.000000000","message":"I dislike the Claude getattr() wrapping cause it makes the types even more vague.","commit_id":"b6beb8437051e3a58feb6e7f4627d18e2efc316b"}],"ironic/common/wsgi_service.py":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"406529849427e50c9ad02e208ba364608ead0d50","unresolved":true,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"            tls_min \u003d getattr(conf, \u0027tls_minimum_version\u0027, None)"},{"line_number":108,"context_line":"            if tls_min:"},{"line_number":109,"context_line":"                version \u003d _TLS_VERSION_MAP[tls_min]"},{"line_number":110,"context_line":"                self.server.ssl_adapter.context.minimum_version \u003d ("},{"line_number":111,"context_line":"                    version"},{"line_number":112,"context_line":"                )"}],"source_content_type":"text/x-python","patch_set":3,"id":"a6c0c5db_21c73fdf","line":109,"updated":"2026-05-11 21:30:29.000000000","message":"We need to check ssl.TLSVersion.MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED *or* check for getattr(ssl, f\u0027HAS_TLSv1_3\u0027) (for example).\n\nThat\u0027ll ensure we blow up at initialization with a good error, and not at the first time Ironic tries to do something TLS with an impenetrable error.\n\nhas_tls_version from https://github.com/python/cpython/blob/main/Lib/test/test_ssl.py is a good example of how to check","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"2ecf99ef3d735fa1e8c81f4a2310dbb8cb063dc4","unresolved":true,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"            tls_min \u003d getattr(conf, \u0027tls_minimum_version\u0027, None)"},{"line_number":108,"context_line":"            if tls_min:"},{"line_number":109,"context_line":"                version \u003d _TLS_VERSION_MAP[tls_min]"},{"line_number":110,"context_line":"                self.server.ssl_adapter.context.minimum_version \u003d ("},{"line_number":111,"context_line":"                    version"},{"line_number":112,"context_line":"                )"}],"source_content_type":"text/x-python","patch_set":3,"id":"e95e3208_b7d5a9f0","line":109,"in_reply_to":"7870b331_f824c89c","updated":"2026-05-13 16:14:41.000000000","message":"Yep, exactly. I\u0027m not worried about it not existing in the \"too new\" sense, I\u0027m worried about it disappearing in a future openssl.","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"a1a023c83e611e9b1495f614f30895f1c21905bb","unresolved":true,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"            tls_min \u003d getattr(conf, \u0027tls_minimum_version\u0027, None)"},{"line_number":108,"context_line":"            if tls_min:"},{"line_number":109,"context_line":"                version \u003d _TLS_VERSION_MAP[tls_min]"},{"line_number":110,"context_line":"                self.server.ssl_adapter.context.minimum_version \u003d ("},{"line_number":111,"context_line":"                    version"},{"line_number":112,"context_line":"                )"}],"source_content_type":"text/x-python","patch_set":3,"id":"7870b331_f824c89c","line":109,"in_reply_to":"a6c0c5db_21c73fdf","updated":"2026-05-13 15:10:55.000000000","message":"I guess I really wouldn\u0027t have thought this to really be needed since 1.3 has been in python since 3.7... but this is more to guard if the underlying openssl library is lacking it.","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"22502ef942bbd92d6a71398774be4fb3394a655c","unresolved":false,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"            validate_cert_paths(cert_file, key_file)"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"            tls_ciphers \u003d getattr(conf, \u0027tls_ciphers\u0027, None)"},{"line_number":131,"context_line":"            self.server.ssl_adapter \u003d cheroot_ssl.BuiltinSSLAdapter("},{"line_number":132,"context_line":"                certificate\u003dcert_file,"},{"line_number":133,"context_line":"                private_key\u003dkey_file,"}],"source_content_type":"text/x-python","patch_set":4,"id":"20c624f7_09ce76c9","line":130,"updated":"2026-05-15 12:47:39.000000000","message":"I agree, it\u0027s a bit odd","commit_id":"b6beb8437051e3a58feb6e7f4627d18e2efc316b"},{"author":{"_account_id":5890,"name":"Doug Goldstein","email":"cardoe@cardoe.com","username":"cardoe"},"change_message_id":"8f0a54bae0f3a102b70da5a037d0c0b8ff0c6485","unresolved":true,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"            validate_cert_paths(cert_file, key_file)"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"            tls_ciphers \u003d getattr(conf, \u0027tls_ciphers\u0027, None)"},{"line_number":131,"context_line":"            self.server.ssl_adapter \u003d cheroot_ssl.BuiltinSSLAdapter("},{"line_number":132,"context_line":"                certificate\u003dcert_file,"},{"line_number":133,"context_line":"                private_key\u003dkey_file,"}],"source_content_type":"text/x-python","patch_set":4,"id":"aea7c0d8_2d8f968c","line":130,"updated":"2026-05-15 02:18:43.000000000","message":"```suggestion\n            tls_ciphers \u003d conf.tls_ciphers\n```\n\nNothing else does this abstraction of \u0027conf\u0027.","commit_id":"b6beb8437051e3a58feb6e7f4627d18e2efc316b"},{"author":{"_account_id":5890,"name":"Doug Goldstein","email":"cardoe@cardoe.com","username":"cardoe"},"change_message_id":"8f0a54bae0f3a102b70da5a037d0c0b8ff0c6485","unresolved":true,"context_lines":[{"line_number":134,"context_line":"                ciphers\u003dtls_ciphers,"},{"line_number":135,"context_line":"            )"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"            tls_min \u003d getattr(conf, \u0027tls_minimum_version\u0027, None)"},{"line_number":138,"context_line":"            if tls_min:"},{"line_number":139,"context_line":"                _check_tls_version_supported(tls_min)"},{"line_number":140,"context_line":"                version \u003d _TLS_VERSION_MAP[tls_min]"}],"source_content_type":"text/x-python","patch_set":4,"id":"f1daa212_a7ec1761","line":137,"updated":"2026-05-15 02:18:43.000000000","message":"```suggestion\n            tls_min \u003d conf.tls_minimum_version\n```","commit_id":"b6beb8437051e3a58feb6e7f4627d18e2efc316b"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"22502ef942bbd92d6a71398774be4fb3394a655c","unresolved":false,"context_lines":[{"line_number":146,"context_line":"                    tls_min, name"},{"line_number":147,"context_line":"                )"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"            if tls_ciphers:"},{"line_number":150,"context_line":"                LOG.info("},{"line_number":151,"context_line":"                    \"TLS ciphers configured for %s\", name"},{"line_number":152,"context_line":"                )"}],"source_content_type":"text/x-python","patch_set":4,"id":"e70c1251_ba771bb9","line":149,"updated":"2026-05-15 12:47:39.000000000","message":"nit: move to where tls_ciphers is handled","commit_id":"b6beb8437051e3a58feb6e7f4627d18e2efc316b"}],"ironic/conf/api.py":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"406529849427e50c9ad02e208ba364608ead0d50","unresolved":true,"context_lines":[{"line_number":127,"context_line":"               \"TLS 1.2 since TLS 1.0 and 1.1 are \""},{"line_number":128,"context_line":"               \"deprecated (RFC 8996). This option has \""},{"line_number":129,"context_line":"               \"no effect when TLS is terminated by an \""},{"line_number":130,"context_line":"               \"external service such as a reverse proxy.\")),"},{"line_number":131,"context_line":"    cfg.StrOpt("},{"line_number":132,"context_line":"        \u0027tls_ciphers\u0027,"},{"line_number":133,"context_line":"        help\u003d_(\"Set the list of available ciphers for the \""}],"source_content_type":"text/x-python","patch_set":3,"id":"94dd8781_2fc5ad14","line":130,"updated":"2026-05-11 21:30:29.000000000","message":"Should we explicitly mention this does not impact TLS versions used for Conductor\u003c\u003eBMC communication? I guess it\u0027s in [api] so it should be obvious...","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"378b0b538dcd3cecbc51326c5654fd5f4a665f51","unresolved":true,"context_lines":[{"line_number":127,"context_line":"               \"TLS 1.2 since TLS 1.0 and 1.1 are \""},{"line_number":128,"context_line":"               \"deprecated (RFC 8996). This option has \""},{"line_number":129,"context_line":"               \"no effect when TLS is terminated by an \""},{"line_number":130,"context_line":"               \"external service such as a reverse proxy.\")),"},{"line_number":131,"context_line":"    cfg.StrOpt("},{"line_number":132,"context_line":"        \u0027tls_ciphers\u0027,"},{"line_number":133,"context_line":"        help\u003d_(\"Set the list of available ciphers for the \""}],"source_content_type":"text/x-python","patch_set":3,"id":"5c145a81_54187764","line":130,"in_reply_to":"0f411e98_a773a233","updated":"2026-05-13 22:19:55.000000000","message":"It pretty clearly says it is for the integrated api sevice.","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"a1a023c83e611e9b1495f614f30895f1c21905bb","unresolved":true,"context_lines":[{"line_number":127,"context_line":"               \"TLS 1.2 since TLS 1.0 and 1.1 are \""},{"line_number":128,"context_line":"               \"deprecated (RFC 8996). This option has \""},{"line_number":129,"context_line":"               \"no effect when TLS is terminated by an \""},{"line_number":130,"context_line":"               \"external service such as a reverse proxy.\")),"},{"line_number":131,"context_line":"    cfg.StrOpt("},{"line_number":132,"context_line":"        \u0027tls_ciphers\u0027,"},{"line_number":133,"context_line":"        help\u003d_(\"Set the list of available ciphers for the \""}],"source_content_type":"text/x-python","patch_set":3,"id":"0f411e98_a773a233","line":130,"in_reply_to":"94dd8781_2fc5ad14","updated":"2026-05-13 15:10:55.000000000","message":"I didn\u0027t think this as","commit_id":"eb6322e9746ac8793537b4928f0af7f7fc41994d"}]}