openstack-ossg team mailing list archive

Thread
Date

Re: Vulnerability - LVM ephemeral images.

To: "Bryan D. Payne" <bdpayne@xxxxxxx>
From: Eric Windisch <eric@xxxxxxxxxxxxxxxx>
Date: Fri, 26 Oct 2012 17:20:18 -0400
Cc: openstack-ossg@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAFpPvXCMk7LfuCtbsUVH+wAwysMmDdgLGmftqncjCr-=3npg0w@mail.gmail.com>

> Either way, I do agree with Russell that vulnerabilities shouldn't be
> broadly discussed within OSSG at this time.
> 
> 


I intentionally did not provide details and made it clear it would be up to the VMT to release full disclosure. I hope it isn't perceived as anything else, but if so, I do apologize.

I recognize that everyone may not agree on best practices. Personally, I feel that with something like Folsom that has been released only days ago, there is little risk in providing extremely limited, semi-public information to indicate mitigation techniques that cannot benefit attackers. Under many, but perhaps not all, definitions this can be considered responsible disclosure.

As it were, however, I wouldn't have said anything at all had I known this list is public.

Regards,
Eric Windisch

Follow ups

Re: Vulnerability - LVM ephemeral images.
From: Bryan D. Payne, 2012-10-26

References

Vulnerability - LVM ephemeral images.
From: Eric Windisch, 2012-10-26
Re: Vulnerability - LVM ephemeral images.
From: Eric Windisch, 2012-10-26
Re: Vulnerability - LVM ephemeral images.
From: Bryan D. Payne, 2012-10-26