On 2017-05-17 15:57:16 +0300 (+0300), George Shuklin wrote: > There is a bug in diskimage-builder I reported it at 2017-03-10 as 'private > security'. I think this bug is a medium severity. > > So far there was no reaction at all. I plan to change this bug to public > security on next Monday. If someone is interested in bumping up CVE count > for DIB, please look at > https://bugs.launchpad.net/diskimage-builder/+bug/1671842 (private-walled > for security group).
Thanks for the heads up! One thing we missed in the migration of DIB from TripleO to Infra team governance is that the bug tracker for it was still under TripleO team control (I just now leveraged my OpenStack Administrator membership on LP to fix that), so the bug was only visible to https://launchpad.net/~tripleo until moments ago. That said, a "private" bug report visible to the 86 people who are members of that LP team doesn't really qualify as private in my book so there's probably no additional harm in just switching it to public security while I work on triaging it with the DIB devs. Going forward, private security bugs filed for DIB are only visible to the 18 people who make up the diskimage-builder-core and openstack-ci-core teams on LP, which is still more than it probably should be but it's a start at least. -- Jeremy Stanley
signature.asc
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
