yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1424089] Re: Use SystemRandom rather than random

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Fri, 20 Feb 2015 23:11:18 -0000
Reply-to: Bug 1424089 <1424089@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The patch says security hardening (which I think it probably is), making
it class D (or maybe C1) in our incident report taxonomy.
https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy

If you agree, we should switch the bug type from public security to
public (and maybe add the "security" bug tag instead).

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1424089

Title:
  Use SystemRandom rather than random

Status in OpenStack Identity (Keystone):
  In Progress
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  
  SystemRandom should be preferred over direct use of random.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1424089/+subscriptions

References

[Bug 1424089] [NEW] Use SystemRandom rather than random
From: Brant Knudson, 2015-02-20