openstack-ossg team mailing list archive

Thread
Date

Re: Vulnerability - LVM ephemeral images.

To: openstack-ossg@xxxxxxxxxxxxxxxxxxx
From: Russell Bryant <rbryant@xxxxxxxxxx>
Date: Fri, 26 Oct 2012 16:26:44 -0400
In-reply-to: <CAGYSk8crr2wGBJuKAvz=uS3=NqKZd=r5b+62EBxc=ayVc8oKRQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1

No, I don't think that's a good idea.  We just shouldn't be discussing
vulnerabilities on this list.

Vulnerabilities should be reported to the VMT and then allow us to bring
in people as necessary, including the OSSG if warranted.  Even if this
list was "private", I would not consider posting details here
responsible disclosure.

-- 
Russell Bryant

On 10/26/2012 04:15 PM, Matt Joyce wrote:
> can we get this mailing list made private?
> 
> On Fri, Oct 26, 2012 at 1:09 PM, Eric Windisch <eric@xxxxxxxxxxxxxxxx
> <mailto:eric@xxxxxxxxxxxxxxxx>> wrote:
> 
>     As an FYI, shortly before joining this group, I reported a
>     vulnerability around LVM ephemeral images.
> 
>     As it is already being evaluated by the VMT, I'm not sure there is
>     much value in providing too many details here unless they want to
>     request OSSG assistance. (Responsible disclosure and everything)  In
>     the future, I'll happily bring forth discussion here.
> 
>     I recommend sticking with Qemu images for the time being.
> 
>     Regards,
>     Eric Windisch
> 
> 
>     --
>     Mailing list: https://launchpad.net/~openstack-ossg
>     Post to     : openstack-ossg@xxxxxxxxxxxxxxxxxxx
>     <mailto:openstack-ossg@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~openstack-ossg
>     More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
>

References

Vulnerability - LVM ephemeral images.
From: Eric Windisch, 2012-10-26
Re: Vulnerability - LVM ephemeral images.
From: Matt Joyce, 2012-10-26