On reporting CPU flags that provide mitigation (to CVE flaws) as Nova 'traits'
ed at leafe.com
Thu May 16 14:09:03 UTC 2019
On May 15, 2019, at 4:50 PM, Eric Fried <openstack at fried.cc> wrote:
>>>> There's no consensus here. Some think that we should _not_ allow those
>>>> CPU flags as traits which can 'allow' you to target vulnerable hosts.
>>> for what it's worth I'm in this camp and have said so in other places
>>> where we have been discussing it.
>> Yep, noted.
> My position is that it's not harmful to add them to os-traits; it's
> whether/how they're used in nova that needs some thought.
They may not be "harmful", but they set a very bad precedent. I don't want to see os-traits become "Oh, just dump the trait in there, and maybe someday someone will use it".
-- Ed Leafe