[Openstack-security] [OSSN][DRAFT] Disabling a tenant does not disable a user token
Simo Sorce
simo at redhat.com
Sat Aug 10 00:59:08 UTC 2013
On Fri, 2013-08-09 at 23:30 +0200, Chmouel Boudjnah wrote:
> I am not sure how the process works for cve, but should we wait for
> the fix being merged first?
No, CVEs are assigned (anonymously) at the moment the issues is
recognized as being a security issue. No details are disclosed at the
moment the CVE Number is assigned.
Embargo dates are usually agreed upon and any detail is published only
when the embargo is lifted.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Openstack-security
mailing list