[openstack-dev] Lack of quota - security bug or not?

Ihar Hrachyshka ihrachys at redhat.com
Thu Dec 11 10:53:29 UTC 2014



On 10/12/14 22:12, Jeremy Stanley wrote:
> On 2014-12-10 16:07:35 -0500 (-0500), Jay Pipes wrote:
>> On 12/10/2014 04:05 PM, Jeremy Stanley wrote:
>>> I think the bigger question is whether the lack of a quota 
>>> implementation for everything a tenant could ever possibly 
>>> create is something we should have reported in secret, worked 
>>> under embargo, backported to supported stable branches, and 
>>> announced via high-profile security advisories once fixed.
>> 
>> Sure, fine.
> 
> Any tips for how to implement new quota features in a way that the 
> patches won't violate our stable backport policies?
> 

If we consider it a security issue worth a CVE, then security concerns
generally beat stability concerns. We'll obviously need to document
the change in default behaviour in release notes though, and maybe
provide a documented way to disable the change for stable releases (I
suspect we already have a way to disable specific quotas, but we
should make sure that's the case and that we provide operators with
commands ready to be executed to achieve this).

/Ihar