Robert Collins wrote:
What if we were to always do a release after a security advisory?
We don't do a server stable release after each security advisory as it
doesn't significantly help spreading the fix, but I agree that for
client libraries (where the PyPI releases are the main form of
I appreciate that it often isn't appropriate, but in this case it
might have been beneficial to include python-keystoneclient version
0.2.4 where this is first resolved.
Thank you,
Lloyd
On Thu, May 23, 2013 at 1:52 PM, Jeremy Stanley jer...@openstack.org wrote:
OpenStack Security Advisory:
On 2013-06-03 10:01:03 -0700 (-0700), Lloyd Dewolf wrote:
I appreciate that it often isn't appropriate, but in this case it
might have been beneficial to include python-keystoneclient
version 0.2.4 where this is first resolved.
What's the better way to do that, do you think? Delay the
Thanks Jeremy,
I agree with you. I prefer a follow up after the fact.
Interestingly, the OSSA 2013-014 notice did include
python-keystoneclient fix (will be included in upcoming 0.2.4
release).
Thank you,
Lloyd
On Mon, Jun 3, 2013 at 10:37 AM, Jeremy Stanley fu...@yuggoth.org wrote:
On
On 2013-06-03 10:51:19 -0700 (-0700), Lloyd Dewolf wrote:
[...]
Interestingly, the OSSA 2013-014 notice did include
python-keystoneclient fix (will be included in upcoming 0.2.4
release).
I'm going to chalk that up to Thierry knowing the version number at
that point, since the OSSA 2013-014
What if we were to always do a release after a security advisory?
On 4 Jun 2013 06:25, Jeremy Stanley fu...@yuggoth.org wrote:
On 2013-06-03 10:51:19 -0700 (-0700), Lloyd Dewolf wrote:
[...]
Interestingly, the OSSA 2013-014 notice did include
python-keystoneclient fix (will be included in
OpenStack Security Advisory: 2013-013
CVE: CVE-2013-2013
Date: May 23, 2013
Title: Keystone client local information disclosure
Reporter: Jake Dahn (Nebula)
Products: python-keystoneclient
Affects: All versions
Description:
Jake Dahn from Nebula reported a vulnerability that the keystone
client
7 matches
Mail list logo