From 2131340d74e8c18a4547c37ddceb019a17be06bd Mon Sep 17 00:00:00 2001
From: Akihiro Motoki <amotoki@gmail.com>
Date: Fri, 1 Apr 2016 14:45:38 +0900
Subject: [PATCH] release note to deprecate prevent_arp_spoofing option

This option was originally intended to deprecate in Mitaka
and remove in Newton, but we missed to announce it in Mitaka
release note. It looks better to deprecate it in Newton release
and remove it in Ocata release.

Change-Id: Iad466abbb0716da77801315d1a8766ba2f7c06b9
Closes-Bug: #1546010
---
 neutron/plugins/ml2/drivers/agent/config.py            |  2 +-
 .../ml2/drivers/openvswitch/agent/common/config.py     |  2 +-
 ...e_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml | 10 ++++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/deprecate_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml

diff --git a/neutron/plugins/ml2/drivers/agent/config.py b/neutron/plugins/ml2/drivers/agent/config.py
index 080478cb21a..aac42d157f3 100644
--- a/neutron/plugins/ml2/drivers/agent/config.py
+++ b/neutron/plugins/ml2/drivers/agent/config.py
@@ -43,7 +43,7 @@ agent_opts = [
                        "added to any ports that have port security disabled. "
                        "For LinuxBridge, this requires ebtables. For OVS, it "
                        "requires a version that supports matching ARP "
-                       "headers. This option will be removed in Newton so "
+                       "headers. This option will be removed in Ocata so "
                        "the only way to disable protection will be via the "
                        "port security extension."))
 ]
diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/common/config.py b/neutron/plugins/ml2/drivers/openvswitch/agent/common/config.py
index a3b8c384576..1fdda6682d9 100644
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/common/config.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/common/config.py
@@ -134,7 +134,7 @@ agent_opts = [
                        "added to any ports that have port security disabled. "
                        "For LinuxBridge, this requires ebtables. For OVS, it "
                        "requires a version that supports matching ARP "
-                       "headers. This option will be removed in Newton so "
+                       "headers. This option will be removed in Ocata so "
                        "the only way to disable protection will be via the "
                        "port security extension.")),
     cfg.BoolOpt('dont_fragment', default=True,
diff --git a/releasenotes/notes/deprecate_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml b/releasenotes/notes/deprecate_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml
new file mode 100644
index 00000000000..6f449c43bc1
--- /dev/null
+++ b/releasenotes/notes/deprecate_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml
@@ -0,0 +1,10 @@
+---
+deprecations:
+  - The option ``[AGENT] prevent_arp_spoofing`` has been deprecated
+    and will be removed in Ocata release. ARP spoofing protection
+    should always be enabled unless its explicitly disabled via the
+    port security extension via the API. The primary reason it was
+    a config option was because it was merged at the end of Kilo
+    development cycle so it was not considered stable. It has been
+    enabled by default since Liberty and is considered stable
+    and there is no reason to keep this configurable.