-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 30/10/14 17:07, Alan Pevec wrote:
One special case with this backport is that it is a security impact fix and OSSN was issued [1]. The fix was already shipped, so when we revert the patch we also need to consider operators who already apply this fix and we need another solution for them.
OSSN-0020 doesn't mention this backport, it has other proposed solutions.
What do you think about disabling the fix if contrack is not available.
This should be done in master first. But what would it do when tool it not available?
Yeah, leaving operators with *illusion* of safety ("the patch is there, I read about it in release notes!") while not really dropping connections is not nice.
Cheers, Alan
_______________________________________________ Openstack-stable-maint mailing list Openstack-stable-maint@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-stable-maint
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQEcBAEBCgAGBQJUUmdOAAoJEC5aWaUY1u579GUIAJLJrnYcUs3xkhIRszrhf4Gl 6V8aBgJrwMMVmJ7c+8bMz4x90FlpOPr2hoxLNt34E1mSpTv8ERfz8AZYqyKLUbHI HKW0jqZTbtVcBiJJ+W1/jTkDBuC9zGJ1+Ta756IHrTD9cI6Gxr20dLFDWew4SUFY I+hLL96yLmiTf9q66odJFBiSbSe1Y/RcegbXrYwVlyJqwEQgADdyx/ZOhuaM3iWy Tp1D00ion6wQKUIqE/NSrCHmDNyGj2JD08/oDn/qSPFEuj80Nzo4P4vPlSouYcuo B5mBllosop5TgCkYIKW6IsThQHQBwix5cW9m5Ghuk2FHaOqTjvmFO6Y3LmqgkX8= =vnuT -----END PGP SIGNATURE-----