)]}'
{"doc/source/dependency-management.rst":[{"author":{"_account_id":14288,"name":"Matthew Thode","display_name":"prometheanfire","email":"mthode@mthode.org","username":"prometheanfire"},"change_message_id":"72e9fbbd4be35f99fb2bb77306ff5e3979e6d687","unresolved":false,"context_lines":[{"line_number":394,"context_line":"for a dependency is only acceptable during `Maintained Phase`,"},{"line_number":395,"context_line":"and can be acceptable for"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"* documenting upper caps that need to be followed (example a newer"},{"line_number":398,"context_line":"release was made that removes python 2.x support, but we still"},{"line_number":399,"context_line":"rely on a version that has python 2.x support)"},{"line_number":400,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bfb3d3c7_869f025e","line":397,"range":{"start_line":397,"start_character":14,"end_line":397,"end_character":19},"updated":"2019-05-23 02:29:53.000000000","message":"just caps, as caps is already the top.\n\n/upper/d","commit_id":"c5a63950ae194f1315324ad7e37d58dbf8d169b7"},{"author":{"_account_id":6593,"name":"Dirk Mueller","email":"dirk@dmllr.de","username":"dmllr"},"change_message_id":"5588e5175e68e468c1c9bd0bbbae47f63edc7bc3","unresolved":false,"context_lines":[{"line_number":394,"context_line":"for a dependency is only acceptable during `Maintained Phase`,"},{"line_number":395,"context_line":"and can be acceptable for"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"* documenting upper caps that need to be followed (example a newer"},{"line_number":398,"context_line":"release was made that removes python 2.x support, but we still"},{"line_number":399,"context_line":"rely on a version that has python 2.x support)"},{"line_number":400,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bfb3d3c7_d8a2a74b","line":397,"range":{"start_line":397,"start_character":14,"end_line":397,"end_character":19},"in_reply_to":"bfb3d3c7_869f025e","updated":"2019-05-23 17:49:29.000000000","message":"Done","commit_id":"c5a63950ae194f1315324ad7e37d58dbf8d169b7"},{"author":{"_account_id":14288,"name":"Matthew Thode","display_name":"prometheanfire","email":"mthode@mthode.org","username":"prometheanfire"},"change_message_id":"72e9fbbd4be35f99fb2bb77306ff5e3979e6d687","unresolved":false,"context_lines":[{"line_number":404,"context_line":"is done due to a security vulnerability and that change requires"},{"line_number":405,"context_line":"or is required by a change in OpenStack, these must be announced"},{"line_number":406,"context_line":"via a OSSN notice to the OpenStack users in a timely fashion alongside"},{"line_number":407,"context_line":"the requirements change."},{"line_number":408,"context_line":""},{"line_number":409,"context_line":".. _Maintained Phase: https://docs.openstack.org/project-team-guide/stable-branches.html#maintenance-phases"},{"line_number":410,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bfb3d3c7_26ebb6b0","line":407,"updated":"2019-05-23 02:29:53.000000000","message":"We also need to note that we may have another constraints file that tracks the security constraints.\n\nThis item may need to be split, or at least made more clear.  It allows exclusions and allows changing the constraint itself (so touches both upper-constraints (or a-little-more-secure-constraints.txt) and global-requirements.txt.","commit_id":"c5a63950ae194f1315324ad7e37d58dbf8d169b7"},{"author":{"_account_id":6593,"name":"Dirk Mueller","email":"dirk@dmllr.de","username":"dmllr"},"change_message_id":"5588e5175e68e468c1c9bd0bbbae47f63edc7bc3","unresolved":false,"context_lines":[{"line_number":404,"context_line":"is done due to a security vulnerability and that change requires"},{"line_number":405,"context_line":"or is required by a change in OpenStack, these must be announced"},{"line_number":406,"context_line":"via a OSSN notice to the OpenStack users in a timely fashion alongside"},{"line_number":407,"context_line":"the requirements change."},{"line_number":408,"context_line":""},{"line_number":409,"context_line":".. _Maintained Phase: https://docs.openstack.org/project-team-guide/stable-branches.html#maintenance-phases"},{"line_number":410,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bfb3d3c7_3893c3fc","line":407,"in_reply_to":"bfb3d3c7_26ebb6b0","updated":"2019-05-23 17:49:29.000000000","message":"Hmm, okay, I haven\u0027t made up my mind yet on this.","commit_id":"c5a63950ae194f1315324ad7e37d58dbf8d169b7"},{"author":{"_account_id":10607,"name":"Alexandra Settle","email":"a.settle@outlook.com","username":"asettle"},"change_message_id":"4e0bd2a667ba028435cff3ccf381ecab9e5d678c","unresolved":false,"context_lines":[{"line_number":390,"context_line":"track excluded and globally defined minimum required versions."},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"Changing the effectively used version or the version specifiers for any"},{"line_number":393,"context_line":"OpenStack dependency is only acceptable during `Maintained Phase`, and"},{"line_number":394,"context_line":"can be accepted if we"},{"line_number":395,"context_line":""},{"line_number":396,"context_line":"* are documenting the actually required caps that are needed"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9fb8cfa7_cbc0a97f","line":393,"range":{"start_line":393,"start_character":48,"end_line":393,"end_character":58},"updated":"2019-06-21 09:22:00.000000000","message":"Maintenance, no?","commit_id":"3af7c5eda77cd82d20e35c594600592c964198a5"},{"author":{"_account_id":10607,"name":"Alexandra Settle","email":"a.settle@outlook.com","username":"asettle"},"change_message_id":"4e0bd2a667ba028435cff3ccf381ecab9e5d678c","unresolved":false,"context_lines":[{"line_number":391,"context_line":""},{"line_number":392,"context_line":"Changing the effectively used version or the version specifiers for any"},{"line_number":393,"context_line":"OpenStack dependency is only acceptable during `Maintained Phase`, and"},{"line_number":394,"context_line":"can be accepted if we"},{"line_number":395,"context_line":""},{"line_number":396,"context_line":"* are documenting the actually required caps that are needed"},{"line_number":397,"context_line":"  (for example a release was made that removes python 2.x support,"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9fb8cfa7_6bbf3dfb","line":394,"range":{"start_line":394,"start_character":19,"end_line":394,"end_character":21},"updated":"2019-06-21 09:22:00.000000000","message":"we... *","commit_id":"3af7c5eda77cd82d20e35c594600592c964198a5"},{"author":{"_account_id":10607,"name":"Alexandra Settle","email":"a.settle@outlook.com","username":"asettle"},"change_message_id":"f343a35e0358d90b38fa577422571434bc071b9b","unresolved":false,"context_lines":[{"line_number":393,"context_line":"OpenStack dependency is only acceptable during `Maintained Phase`, and"},{"line_number":394,"context_line":"can be accepted if we"},{"line_number":395,"context_line":""},{"line_number":396,"context_line":"* are documenting the actually required caps that are needed"},{"line_number":397,"context_line":"  (for example a release was made that removes python 2.x support,"},{"line_number":398,"context_line":"  but we still rely on a version that has python 2.x support)"},{"line_number":399,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"9fb8cfa7_a4e05bce","line":396,"range":{"start_line":396,"start_character":22,"end_line":396,"end_character":30},"updated":"2019-06-17 15:02:46.000000000","message":"remove","commit_id":"3af7c5eda77cd82d20e35c594600592c964198a5"},{"author":{"_account_id":12898,"name":"Tony Breeds","email":"tony@bakeyournoodle.com","username":"tonyb"},"change_message_id":"f415bdb0c00f5ee6ee05790312a633e2d3e653ac","unresolved":false,"context_lines":[{"line_number":389,"context_line":"For releases older than OpenStack Rocky, global-requirements is also used to"},{"line_number":390,"context_line":"track excluded and globally defined minimum required versions."},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"Changing the effectively used version or the version specifiers for any"},{"line_number":393,"context_line":"OpenStack dependency is only acceptable during `Maintenance Phase`, and"},{"line_number":394,"context_line":"can be accepted if the following criteria is met:"},{"line_number":395,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_00a2973f","line":392,"range":{"start_line":392,"start_character":13,"end_line":392,"end_character":29},"updated":"2019-11-25 03:52:40.000000000","message":"We\u0027re talking about global-requirements (g-r) here (based on the context, I realise the \u0027effectively used\u0027 is old text but it\u0027s so vague it\u0027s confusing. Updating upper-constraints\u0027 (u-c) certainly changes the effectively used version in the gate, but I don\u0027t think that\u0027s what we\u0027re talking about.\n\nThis gets even more complex and confusing when we look a distributions, where the effectively used version isn\u0027t a single thing.","commit_id":"d21ec6750d280934c24694b0e7c99e4c1f73ed61"},{"author":{"_account_id":12898,"name":"Tony Breeds","email":"tony@bakeyournoodle.com","username":"tonyb"},"change_message_id":"f415bdb0c00f5ee6ee05790312a633e2d3e653ac","unresolved":false,"context_lines":[{"line_number":390,"context_line":"track excluded and globally defined minimum required versions."},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"Changing the effectively used version or the version specifiers for any"},{"line_number":393,"context_line":"OpenStack dependency is only acceptable during `Maintenance Phase`, and"},{"line_number":394,"context_line":"can be accepted if the following criteria is met:"},{"line_number":395,"context_line":""},{"line_number":396,"context_line":"* Documenting the required caps that are needed"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_c0655f1e","line":393,"range":{"start_line":393,"start_character":47,"end_line":393,"end_character":65},"updated":"2019-11-25 03:52:40.000000000","message":"This no loner matches the link test below so will make create a 404","commit_id":"d21ec6750d280934c24694b0e7c99e4c1f73ed61"},{"author":{"_account_id":12898,"name":"Tony Breeds","email":"tony@bakeyournoodle.com","username":"tonyb"},"change_message_id":"f415bdb0c00f5ee6ee05790312a633e2d3e653ac","unresolved":false,"context_lines":[{"line_number":399,"context_line":""},{"line_number":400,"context_line":"* Excluding known insecure versions to ensure gating tests are run"},{"line_number":401,"context_line":"  including the new behavior of the dependencies with security fixes"},{"line_number":402,"context_line":"  being in effect. If a effective version change or version exclude"},{"line_number":403,"context_line":"  is done due to a security vulnerability and that change requires"},{"line_number":404,"context_line":"  or is required by a change in OpenStack, these must be announced"},{"line_number":405,"context_line":"  via a OSSN notice to the OpenStack users in a timely fashion alongside"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_60b34b9b","line":402,"range":{"start_line":402,"start_character":19,"end_line":402,"end_character":48},"updated":"2019-11-25 03:52:40.000000000","message":"What does this mean?  If we have libfoo\u003d\u003d\u003d1.5.1 in u-c and libbfoo in g-r.  Is updating libfoo!\u003d1.5.0 an \u0027effective change\u0027\n\nI\u0027m unclear.","commit_id":"d21ec6750d280934c24694b0e7c99e4c1f73ed61"},{"author":{"_account_id":12898,"name":"Tony Breeds","email":"tony@bakeyournoodle.com","username":"tonyb"},"change_message_id":"f415bdb0c00f5ee6ee05790312a633e2d3e653ac","unresolved":false,"context_lines":[{"line_number":402,"context_line":"  being in effect. If a effective version change or version exclude"},{"line_number":403,"context_line":"  is done due to a security vulnerability and that change requires"},{"line_number":404,"context_line":"  or is required by a change in OpenStack, these must be announced"},{"line_number":405,"context_line":"  via a OSSN notice to the OpenStack users in a timely fashion alongside"},{"line_number":406,"context_line":"  the requirements change."},{"line_number":407,"context_line":""},{"line_number":408,"context_line":".. _Maintained Phase: https://docs.openstack.org/project-team-guide/stable-branches.html#maintenance-phases"},{"line_number":409,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_80b68788","line":406,"range":{"start_line":405,"start_character":1,"end_line":406,"end_character":26},"updated":"2019-11-25 03:52:40.000000000","message":"This really need VMT agreement and I strongly suspect that doing this will create an implicit \u0027OpenStack VMT will keep you safe\u0027 contract which we\u0027ve tried to avoid in the past","commit_id":"d21ec6750d280934c24694b0e7c99e4c1f73ed61"}]}