On 10/12/14 22:12, Jeremy Stanley wrote:
> On 2014-12-10 16:07:35 -0500 (-0500), Jay Pipes wrote:
>> On 12/10/2014 04:05 PM, Jeremy Stanley wrote:
>>> I think the bigger question is whether the lack of a quota
>>> implementation for everything a tenant could ever possibly
>>> create is something we should have reported in secret, worked
>>> under embargo, backported to supported stable branches, and
>>> announced via high-profile security advisories once fixed.
>>
>> Sure, fine.
>
> Any tips for how to implement new quota features in a way that the
> patches won't violate our stable backport policies?
>

If we consider it a security issue worth a CVE, then security concerns
generally beat stability concerns. We'll obviously need to document the
change in default behaviour in release notes though, and maybe provide a
documented way to disable the change for stable releases (I suspect we
already have a way to disable specific quotas, but we should make sure
it's the case and we provide operators commands ready to be executed to
achieve this).

/Ihar

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev