[Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)

Thierry Carrez thierry at openstack.org
Tue Jun 4 08:58:42 UTC 2013


Robert Collins wrote:
> What if we were to always do a release after a security advisory?

We don't do a server "stable release" after each security advisory as it
doesn't significantly help spreading the fix, but I agree that for
client libraries (where the PyPI releases are the main form of
downstream consumption of the fix) it makes sense to tag and trigger a
new PyPI release after each security advisory.

These were the first advisories on client libraries, but with Keystone
middleware being shipped within python-keystoneclient, I expect more in
the future.

-- 
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team



