Community mailing list archives

check security in python package

Akretion, David Béal
- 08/31/2016 15:46:16
Hi all,

I want to ask you what the good practices are to ensure security at the Python package level on your projects.

Just an example of what we use in production at Akretion:

- Anybox Odoo Buildout recipe
- Gitlab for all our projects

For each project, for production stability purposes, we freeze Python package versions.

But when a security fix comes out, we need to update production.

How do you fix your production in a shorter time across all impacted projects?

Key points are:
- identify the concerned packages: easy with frozen.cfg and the GitLab API
- identify, for each package, which versions are related to the security fix: this is the critical point.
- plan the projects to update: easy with the GitLab API by creating an issue

Is there a tool for that purpose in the Python ecosystem? Elsewhere?

Thank you

Have a good day

David BEAL - Akretion
Odoo Development / Integration
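The first two key points in the post (find the pinned packages in each project's frozen.cfg, then work out which pins fall below the version that carries the security fix) can be scripted. The following is an added example written for this archive page, not code from David Béal or Akretion and not a real tool: it parses buildout-style "[versions]" pins, compares them against a constructed advisory list with placeholder identifiers, and reports which project needs which upgrade. The sample frozen.cfg contents and the advisory entries are constructed for the example; a real run would read the files from GitLab and the advisories from an actual feed, and the third key point (opening a GitLab issue per hit) is left as a print statement.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample frozen.cfg contents (buildout "[versions]" pins), one per
# project. These are made-up pins, not files from any real Akretion project.
SAMPLE_PROJECTS: Dict[str, str] = {
    "project-a": """\
[buildout]
extends = buildout.cfg

[versions]
requests = 2.9.1
lxml = 3.6.0
""",
    "project-b": """\
[versions]
requests = 2.11.0
psycopg2 = 2.6.1
""",
}

# Constructed advisory feed: which package versions are known-bad and where
# the fix landed. The ids are placeholders, not real advisory numbers.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "ADV-EXAMPLE-001", "package": "requests", "fixed_in": "2.10.0"},
    {"id": "ADV-EXAMPLE-002", "package": "lxml", "fixed_in": "3.7.0"},
    {"id": "ADV-EXAMPLE-003", "package": "psycopg2", "fixed_in": "2.6.0"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.9.1' into (2, 9, 1) so pins can be compared numerically.

    Non-numeric suffixes such as 'rc1' are dropped and short versions are
    padded ('2.10' == '2.10.0'). Good enough for release pins, but not a
    full PEP 440 comparison.
    """
    parts: List[int] = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def pinned_versions(cfg_text: str) -> Dict[str, str]:
    """Extract 'name = version' pins from the [versions] section of a
    buildout-style config. Lines in other sections are ignored."""
    pins: Dict[str, str] = {}
    in_versions = False
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_versions = line[1:-1].strip().lower() == "versions"
            continue
        if in_versions and "=" in line:
            name, version = (s.strip() for s in line.split("=", 1))
            pins[name.lower()] = version
    return pins


def find_impacted(projects: Dict[str, Dict[str, str]],
                  advisories: List[Dict[str, str]]) -> List[Tuple[str, str, str, str, str]]:
    """Cross each project's pins against the advisory feed.

    Returns (project, package, pinned_version, fixed_in, advisory_id) for
    every pin that is older than the version carrying the fix."""
    hits = []
    for project, pins in projects.items():
        for adv in advisories:
            pinned = pins.get(adv["package"].lower())
            if pinned is None:
                continue  # project does not use this package
            if parse_version(pinned) < parse_version(adv["fixed_in"]):
                hits.append((project, adv["package"], pinned, adv["fixed_in"], adv["id"]))
    return sorted(hits)


def impacted_sample_projects() -> List[Tuple[str, str, str, str, str]]:
    """Run the check over the constructed sample projects."""
    projects = {name: pinned_versions(cfg) for name, cfg in SAMPLE_PROJECTS.items()}
    return find_impacted(projects, ADVISORIES)


if __name__ == "__main__":
    for project, package, pinned, fixed_in, adv_id in impacted_sample_projects():
        # In the workflow from the post, each hit would become a GitLab issue
        # on that project; here it is only printed.
        print(f"{project}: {package} {pinned} -> upgrade to >= {fixed_in} ({adv_id})")
```

The version comparison is deliberately simple; for real pins with pre-release or post-release suffixes, use `packaging.version.Version` instead of `parse_version`. The hard part the post identifies, knowing which versions a security fix applies to, is exactly what the `fixed_in` field stands in for, and that data has to come from an advisory source rather than from the pins themselves.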