[oslo][requirements] Bandit Strategy
On 2019-05-15 13:08:32 -0500 (-0500), Ben Nemec wrote:
> The reason we did it this way is to prevent 1.6.1 from blocking
> all of the repos again if it doesn't fix the problem or introduces
> a new one. If so, it blocks the uncapping patches only and we can
> deal with it on our own schedule.
Normally, if it had been treated like other linters, projects should
have been guarding against unanticipated upgrades by specifying
something like a <1.6.0 version and then expressly advancing that
cap at the start of a new cycle when they're prepared to deal with
fixing whatever problems are identified.