[security-sig] Broken Security Link on Website and general bad discoverability of security related information

Sven Kieske S.Kieske at mittwald.de
Fri Feb 26 14:43:01 UTC 2021

Thanks for all the detailed answers and for forwarding
the message to the appropriate people.

I'm aware that upstream openstack is not really a "distribution", guess
I was just sloppy with my wording, apologies for that.

Also thanks for correcting my assumption that openstack
was directly shipping code which I thought to be vulnerable.

From my initial reading I thought that e.g. the tornado
webserver was vulnerable directly and when I found the redhat/suse
sites claiming that their openstack releases where affected I thought
this must have a different meaning, than just using a vulnerable python version,
as the bugs in the python implementation are listed separately on these pages.

Of course tornado only gets installed via pip/third party repositories, so
if the upstreams get fixed no further action is needed.

Thanks for all your input, it's much appreciated.

Mit freundlichen Grüßen / Regards

Sven Kieske
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Tel.: 05772 / 293-900
Fax: 05772 / 293-333
Geschäftsführer: Robert Meyer, Florian Jürgens
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit 
gemäß Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210226/4e93efb4/attachment.sig>

More information about the openstack-discuss mailing list