Sven

> @markus-hentsch I have general remark: Because TLS configuration and security is a moving target, have you considered to base the recommended configuration on one of the profiles offered by...

working on a fix for upstream: https://bugs.launchpad.net/kolla-ansible/+bug/2060787

Somewhat of a meta comment, but I find it weird that there are open discussions by reviewers but at the same time the PR is approved by the same people....

> I began adding TLS specifics to the standard based on the official guidelines on ssl.com[1](#user-content-fn-1-cfaa4efba83e4b7037c3fc3cf637ce1e). > > I think we should align this to the most commonly and broadly...

fwiw my patch to unify the haproxy TLS settings and to update them to a modern standard was finally merged today :https://review.opendev.org/c/openstack/kolla-ansible/+/915403 so on new openstack releases you should only...

As a general comment on how to approach system design decisions: From this text, it is not clear to me, why _exactly_ is cucumber superior. I don't think it's a...

I think @berendt is right, if this would work without `allowed_address_pairs` you would have a security issue I think. By default strict filters only allow the configured subnets and associated...

so, what exactly _is_ the list of extra specs we want to standardize? I feel this is handwaved away too much: is ram, vcpu, disk sufficient? there are many more...

> Testing whether a user with the member role is allowed to interact with Barbican (That is, that either new SRBAC is used or the policy is changed to integrate...

> This regexp is for the name component of the requests received by the registry and does not include the hostname or post. It's a path on the registry. So...