+1 also makes it easier for vulnerability scanners to check for missing updates, as they do for many other CVEs On 23/04/2013 13:47, "Christopher Ricker (chricker)" <chricker at cisco.com> wrote: >On 4/23/13 2:33 AM, "Kurt Seifried" <kseifried at redhat.com> wrote: >> >>So if it's ok with you guys I'd like to make sure that all OpenStack >>security issues get CVE's assigned regardless of whether or not they >>are going to be fixed in code (e.g. addressed with a security note, >>maybe a config change, a documentation change, whatever). > >Request seconded -- this will be helpful for the various down streams >packaging OpenStack > > > >_______________________________________________ >Openstack-security mailing list >Openstack-security at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security