[Openstack-stable-maint] Controversial backport

Ihar Hrachyshka ihrachys at redhat.com
Tue Aug 19 14:20:02 UTC 2014


On 19/08/14 16:17, Thierry Carrez wrote:
> Gary Kotton wrote:
>> On 8/19/14, 2:48 PM, "Ihar Hrachyshka" <ihrachys at redhat.com>
>> wrote:
>>> And if they haven't encountered the issue yet, and don't know
>>> that default value is failing hard, then we leave our users
>>> with DoS unfixed, waiting for their users to break the cloud
>>> and then debug the issue, finally discovering that we have
>>> defaults that are broken and not even documented as such
>>> anywhere.
>> 
>> Where is a DOS attack here? Is this a few extra RPC messages
>> being sent?
> 
> If this is a security issue, different rules apply. The first of
> which is that the Vulnerability Management Team should handle that
> bug, assess the vulnerability, coordinate the backports and ask for
> relevant exceptions.
> 
> You can't just sneak security fixes in without proper announcements
> (and then use the "security" card to justify exceptions).
> 
> I added the security flag to that bug so that it gets assessed and
> handled through the regular channels.
> 

Fair enough, and thanks! I'm new to the whole process, so I may fail
to follow proper procedures sometimes... :)

/Ihar