[Openstack-security] OSSN required?
Jeremy Stanley
fungi at yuggoth.org
Fri Jan 31 01:32:44 UTC 2014
On 2014-01-30 17:17:53 -0800 (-0800), Bryan D. Payne wrote:
> Are you thinking an OSSN or an OSSA? The advisory (OSSA) is
> often what is used for security issues that have been fixed and
> we want to tell people to upgrade. The note (OSSN) is often what
> is used for guidance on configuring one's system securely.
Good point. It looks like this was fixed early in the Havana
development cycle, but not dealt with as a security vulnerability
nor brought to the VMT's attention at the time. Since QPid support
seems to have been in place around the Essex release we could in
theory issue a retroactive OSSA affecting Grizzly (but its end of
support is only about a month away now). Thoughts?
--
Jeremy Stanley
More information about the Openstack-security
mailing list