[Openstack-stable-maint] neutron: a new runtime dependency sneaked in via rootwrap filter
Ihar Hrachyshka
ihrachys at redhat.com
Thu Oct 30 16:29:02 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 30/10/14 17:07, Alan Pevec wrote:
>> One special case with this backport is that it is a security
>> impact fix and OSSN was issued [1]. The fix was already shipped,
>> so when we revert the patch we also need to consider operators
>> who already apply this fix and we need another solution for
>> them.
>
> OSSN-0020 doesn't mention this backport, it has other proposed
> solutions.
>
>> What do you think about disabling the fix if contrack is not
>> available.
>
> This should be done in master first. But what would it do when tool
> it not available?
>
Yeah, leaving operators with *illusion* of safety ("the patch is
there, I read about it in release notes!") while not really dropping
connections is not nice.
>
> Cheers, Alan
>
> _______________________________________________
> Openstack-stable-maint mailing list
> Openstack-stable-maint at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-stable-maint
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQEcBAEBCgAGBQJUUmdOAAoJEC5aWaUY1u579GUIAJLJrnYcUs3xkhIRszrhf4Gl
6V8aBgJrwMMVmJ7c+8bMz4x90FlpOPr2hoxLNt34E1mSpTv8ERfz8AZYqyKLUbHI
HKW0jqZTbtVcBiJJ+W1/jTkDBuC9zGJ1+Ta756IHrTD9cI6Gxr20dLFDWew4SUFY
I+hLL96yLmiTf9q66odJFBiSbSe1Y/RcegbXrYwVlyJqwEQgADdyx/ZOhuaM3iWy
Tp1D00ion6wQKUIqE/NSrCHmDNyGj2JD08/oDn/qSPFEuj80Nzo4P4vPlSouYcuo
B5mBllosop5TgCkYIKW6IsThQHQBwix5cW9m5Ghuk2FHaOqTjvmFO6Y3LmqgkX8=
=vnuT
-----END PGP SIGNATURE-----
More information about the Openstack-stable-maint
mailing list