5 Aug
2014
5 Aug
'14
12:33 a.m.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 05/08/14 04:19, Yaguang Tang wrote:
Hi all,
I'd like to propose the following exception to be included in the next Icehouse release: https://review.openstack.org/#/c/99536/
This is a security related fix, it fixes block device auth_password key get logged at debug level.
Do we need OSSA to be released for the issue?
It may be not critical because generally debug won't be enabled at production environment, but we can't assume all users follow the suggestion. It's better to get this fixed early than later.
I agree. Security related fixes *are* critical.
The patch was already get approved but failed to merge duo to conflict now patch is updated and get a +2.
Already approved by Alan.
/Ihar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJT4IjOAAoJEC5aWaUY1u57pcAIAOqN4r34qVFNKBryH+8PqQkw
jPopM5/2yYMKSNFeEDJdwO5iy+cJlyXHtQbiIlUj6jHeY7jZlnHT/LlcqVf6rYw7
onVeQJ4SVPocmmykhetG8uoL6GE04cttbf+xXSc/GeUa6b3qsBWy4tWEGBDgXgrr
Jz2V+nRG78Q74+Z8/nPVdjFSKA67wUA9sD+8FZn7DrZQdy7z58d1fMiT7QmV6nkC
91Mf9F58gj/ihdmihuyXMjit8a+Rq+d5ySnazcRGEzZ6D2pGbWItWCmp3nmJ521m
8b7fuA4sy8n3izMBPB1R2EhN68YjWFWezHsiLuDW9Iayq6pe3nBSNT8j9qoeUzo=
=FeOT
-----END PGP SIGNATURE-----