Re: [openstack-dev] [stable] Swift object-updater and container-updater
Minwoo, It is important to understand that Icehouse has gone into a security fixes only mode. It is too late in the stable process to be making notable changes for anything other than security issues. The patch for the fork bomb like problem in object-auditor is in Icehouse: https://review.openstack.org/#/c/126371/ So, we do not need to worry about that one. The other two problems are not really security problems as they cause the object-updater and container-updater to throw an exception and exit. The behavior is irritating but not a security risk. So, I think the fix that you are really asking to have fixed in Icehouse, has already merged. I will propose the other fixes back to stable/juno but don't feel they warrant a change in Icehouse. I hope this clarifies the situation. Jay On 01/08/2015 09:21 AM, Minwoo Bae wrote: Hi, to whom it may concern: Jay Bryant and I would like to have the fixes for the Swift object-updater (https://review.openstack.org/#/c/125746/) and the Swift container-updater (https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z) backported to Juno and then to Icehouse soon if possible. It's been in the queue for a while now, so we were wondering if we could have an estimated time for delivery? Icehouse is in security-only mode, but the container-updater issue may potentially be used as a fork-bomb, which presents security concerns. To further justify the fix, a problem of similar nature https://review.openstack.org/#/c/126371/(regarding the object-auditor) was successfully fixed in stable/icehouse. The object-updater issue may potentially have some security implications as well. Thank you very much! Minwoo ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [stable] Swift object-updater and container-updater
Minwoo, The cherry-picks for the contain-updater and object-updater back to stable/juno are now available for review: https://review.openstack.org/146211 and https://review.openstack.org/134082 Jay On 01/08/2015 09:21 AM, Minwoo Bae wrote: Hi, to whom it may concern: Jay Bryant and I would like to have the fixes for the Swift object-updater (https://review.openstack.org/#/c/125746/) and the Swift container-updater (https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z) backported to Juno and then to Icehouse soon if possible. It's been in the queue for a while now, so we were wondering if we could have an estimated time for delivery? Icehouse is in security-only mode, but the container-updater issue may potentially be used as a fork-bomb, which presents security concerns. To further justify the fix, a problem of similar nature https://review.openstack.org/#/c/126371/(regarding the object-auditor) was successfully fixed in stable/icehouse. The object-updater issue may potentially have some security implications as well. Thank you very much! Minwoo ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [stable] Swift object-updater and container-updater
Hi, to whom it may concern: Jay Bryant and I would like to have the fixes for the Swift object-updater (https://review.openstack.org/#/c/125746/) and the Swift container-updater ( https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z ) backported to Juno and then to Icehouse soon if possible. It's been in the queue for a while now, so we were wondering if we could have an estimated time for delivery? Icehouse is in security-only mode, but the container-updater issue may potentially be used as a fork-bomb, which presents security concerns. To further justify the fix, a problem of similar nature https://review.openstack.org/#/c/126371/ (regarding the object-auditor) was successfully fixed in stable/icehouse. The object-updater issue may potentially have some security implications as well. Thank you very much! Minwoo ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev