Comment 33 for bug 1260679

Thierry Carrez (ttx) wrote :

That's one option. We would issue an OSSN stating that those specific drivers have flaws in their design that make them vulnerable to local attacks, and encourage people to use different drivers.

So 3 options, basically:
1- Fix in master and somehow backport the fix in a stable-branch-update compatible and upgradeable way (?): issue OSSA
2- Fix in master but don't backport the fix: issue OSSN stating we fixed it in icehouse but the flawed design persists in <=Havana
3- Don't fix it but acknowledge the ongoing weakness in an OSSN (like what we did for internal cleartext communications between nodes)

Option 3 could come with some deprecation plan for lousy drivers.