Comment 13 for bug 1372635

Matthew Edmonds (edmondsw) wrote :

If the decision has been made that this particular kind of issue is hardening, and made publicly by the looks of bug 1188189, then it's been made.

I'm really less concerned with whether this gets marked public or has a security advisory issued than with making sure this is fixed before Juno does go out the door. The EMC VMAX driver is new in Juno. Shouldn't we put extra emphasis on not adding to the problem new security issues that didn't exist in the previous release? If we don't start clamping down, the problem is just going to get worse.

Obviously none of us thinks we should stop shipping OpenStack but neither can we let things go... If there are things we can't address in Juno at this point, we need to put plans in place to make sure they're addressed in Kilo. As you say, we need to convince developers to help fix it / stop breaking it. Maybe this needs to be a focus item in Paris. How do we get the various projects more security-focused? How can we get more developers fixing things without making everything public? Etc. If we can figure out how to share the load better...