potiuk commented on PR #13293: URL: https://github.com/apache/cloudstack/pull/13293#issuecomment-4713761710
@DaanHoogland — yes, sorry, that ping crossed with your review already in flight; nothing was missed on your end. Thank you (and @vishesh92) for the thorough pass — you've answered the bulk of the §14 questions and confirmed the trust-boundary lines, which is exactly what pre-flight needs. Next on our side: I'll fold your inline answers into an updated revision of the model — - mark the §14 questions you confirmed as resolved, and drop the ones that were just "yes/confirmed" (e.g. the §856 question, per your note); - wire the source-of-truth relationship you and @vishesh92 agreed on (1108/1113): `THREAT_MODEL.md` as the source of truth, with `cloudstack.apache.org/security` carrying an excerpt + link; - add "a change in the extension mechanisms implemented by CloudStack" to the conditions-that-would-change-the-model section (1116); - and capture the two items that are really process/test rather than model gaps: the dependency-update procedure (847 — dependabot not producing viable PRs) and the template download-token timed-availability mitigation (842), noting the latter needs a test to confirm. (On "why didn't code analysis flag it" — that one is a design/process question rather than a code defect, so it wouldn't surface in a static pass.) Once that revision is up I think we're through pre-flight, as you say. I'll push it and re-request your review. Best, Jarek -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
