← Back to team overview

openstack-ossg team mailing list archive

Re: Vulnerability - LVM ephemeral images.


No, I don't think that's a good idea.  We just shouldn't be discussing
vulnerabilities on this list.

Vulnerabilities should be reported to the VMT and then allow us to bring
in people as necessary, including the OSSG if warranted.  Even if this
list was "private", I would not consider posting details here
responsible disclosure.

Russell Bryant

On 10/26/2012 04:15 PM, Matt Joyce wrote:
> can we get this mailing list made private?
> On Fri, Oct 26, 2012 at 1:09 PM, Eric Windisch <eric@xxxxxxxxxxxxxxxx
> <mailto:eric@xxxxxxxxxxxxxxxx>> wrote:
>     As an FYI, shortly before joining this group, I reported a
>     vulnerability around LVM ephemeral images.
>     As it is already being evaluated by the VMT, I'm not sure there is
>     much value in providing too many details here unless they want to
>     request OSSG assistance. (Responsible disclosure and everything)  In
>     the future, I'll happily bring forth discussion here.
>     I recommend sticking with Qemu images for the time being.
>     Regards,
>     Eric Windisch
>     --
>     Mailing list: https://launchpad.net/~openstack-ossg
>     Post to     : openstack-ossg@xxxxxxxxxxxxxxxxxxx
>     <mailto:openstack-ossg@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~openstack-ossg
>     More help   : https://help.launchpad.net/ListHelp