openstack-ossg team mailing list archive
Message #00015
Re: Vulnerability - LVM ephemeral images.
> Either way, I do agree with Russell that vulnerabilities shouldn't be
> broadly discussed within OSSG at this time.
>
>
I intentionally did not provide details and made it clear it would be up to the VMT to release full disclosure. I hope it isn't perceived as anything else, but if so, I do apologize.
I recognize that everyone may not agree on best practices. Personally, I feel that with something like Folsom that has been released only days ago, there is little risk in providing extremely limited, semi-public information to indicate mitigation techniques that cannot benefit attackers. Under many, but perhaps not all, definitions this can be considered responsible disclosure.
As it were, however, I wouldn't have said anything at all had I known this list is public.
Regards,
Eric Windisch