docker-registry requires these two openstack packages which we cannot support for stable releases (they're unmaintained and rife with security issues). Please drop the requires on those packages or drop docker-registry before Mageia 5. We also need to drop: python-ceilometerclient-1.0.9-5.mga5.src.rpm python-cinderclient-1.0.8-5.mga5.src.rpm python-glanceclient-0.12.0-5.mga5.src.rpm python-heatclient-0.2.8-5.mga5.src.rpm python-keystoneclient-0.7.1-5.mga5.src.rpm python-neutronclient-2.3.4-5.mga5.src.rpm python-novaclient-2.17.0-5.mga5.src.rpm python-swiftclient-2.0.3-5.mga5.src.rpm python-troveclient-1.0.3-5.mga5.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 14674
Hello David, I'm not sure I understand your point. python-glanceclient is maintained (I could update it to 0.15 which is the upstream version at https://github.com/openstack/python-glanceclient) python-keystoneclient is also maintained (I could again update it to a more recent version as well at https://github.com/openstack/python-keystoneclient) I don't understand why you speak about unmaintained. Could you explain ? If it's in Magia, if we want docker, then we need that package as well as fig and some others. Maybe we should create a small team to work on this ? And docker-registry really needs these 2 IIRC.
They're unmaintained in Mageia. They've never been consistently maintained since they were first imported. They have frequent security issues that are never addressed. I've already raised this issue before the last two Mageia releases. The OpenStack stuff has too many security issues and is too confusing to rely on me to stay on top of it for stable. Someone's going to have to show that they can stay on top of it and consistently maintain them, and that's never happened. We cannot support those packages for stable and we can't ship them in Mageia 5. I have a hard time believing that you can't have Docker without also having OpenStack. I'd imagine there's some way you can disable that dependency in docker-registry. For now, it needs to be done.
So docker-registry was already broken because it also depended on python-docker-registry-core, which doesn't exist. I've removed all of these packages. docker-registry can be reintroduced if it can be built without broken dependencies or openstack packages.
Status: NEW => RESOLVEDResolution: (none) => FIXED
Just FYI, the correct way to handle the requires/recommends here would be: docker-registry recommends docker-registry-glance-driver (or whatever you end up calling it, not currently packaged), which requires python-glanceclient, which requires python-keystoneclient. So docker-registry shouldn't recommend the *client packages directly.