Thanks Michael, I'm following the thread and I've asked Thierry for this tag to be subscribable here if we're not using openstack-security anymore so that I can receive the follow-ups.
On Mon, Apr 11, 2016 at 8:28 AM, Michael Xin <michael....@rackspace.com> wrote: > Matt: > Thanks for asking this. I forwarded this email to the new email list so > that folks with better knowledge can answer this. > > > Thanks and have a great day. > > Yours, > Michael > > > > ----------------------------------------------------------------------------- > Michael Xin | Manager, Security Engineering - US > Product Security |Rackspace Hosting > Office #: 501-7341 or 210-312-7341 > Mobile #: 210-284-8674 > 5000 Walzem Road, San Antonio, Tx 78218 > > ---------------------------------------------------------------------------- > Experience fanatical support > > From: Matt Fischer <m...@mattfischer.com> > Date: Monday, April 11, 2016 at 9:19 AM > To: "openstack-secur...@lists.openstack.org" < > openstack-secur...@lists.openstack.org> > Subject: [Openstack-security] abandoned OSSNs? > > Some folks from our security team here asked me to ensure them that our > services were patched for all the OSSNs that are listed here: > https://wiki.openstack.org/wiki/Security_Notes > > Most of these are straight-forward, but there are some OSSNs that have > been allocated an ID but then abandoned. There is no detailed wiki page and > my best google efforts lead me to a possible IRC mention and maybe an > abandoned review. The two specifically are OSSN-50/51. > > So what am I to do with an "abandoned" OSSN? Has it been decided that > there is no issue anymore? These are pretty old if I look at the dates > framing the other OSSNs (49/52), so I assume they aren't urgent. Can we > ignore these? They sound somewhat scary, for example, "keystonemiddleware > can allow access after token revocation" but I have no means to say whether > it affects us or how we can mitigate without more info. > > Thoughts? >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev