
openstack-ossg team mailing list archive

Re: Vulnerability - LVM ephemeral images.


> Either way, I do agree with Russell that vulnerabilities shouldn't be
> broadly discussed within OSSG at this time.

I intentionally did not provide details and made it clear it would be up to the VMT to release full disclosure. I hope it isn't perceived as anything else, but if so, I do apologize.

I recognize that everyone may not agree on best practices. Personally, I feel that with something like Folsom that was released only days ago, there is little risk in providing extremely limited, semi-public information to indicate mitigation techniques that cannot benefit attackers. Under many, but perhaps not all, definitions this can be considered responsible disclosure.

As it were, however, I wouldn't have said anything at all had I known this list is public.

Eric Windisch
