[Openstack-security] OSSN required?

Bryan D. Payne bdpayne at acm.org
Fri Jan 31 01:37:11 UTC 2014


For me, if it is still supported today then we should issue the OSSA.
-bryan


On Thu, Jan 30, 2014 at 5:32 PM, Jeremy Stanley <fungi at yuggoth.org> wrote:

> On 2014-01-30 17:17:53 -0800 (-0800), Bryan D. Payne wrote:
> > Are you thinking an OSSN or an OSSA? The advisory (OSSA) is
> > often what is used for security issues that have been fixed and
> > we want to tell people to upgrade. The note (OSSN) is often what
> > is used for guidance on configuring one's system securely.
>
> Good point. It looks like this was fixed early in the Havana
> development cycle, but not dealt with as a security vulnerability
> nor brought to the VMT's attention at the time. Since QPid support
> seems to have been in place around the Essex release we could in
> theory issue a retroactive OSSA affecting Grizzly (but its end of
> support is only about a month away now). Thoughts?
> --
> Jeremy Stanley
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140130/1317516e/attachment.html>


More information about the Openstack-security mailing list