Comment 4 for bug 1391311

I think this bug falls under the category of securing internal service communication, which the VMT has previously declared a security hardening fix rather than something which would trigger an advisory (at least until security of internal communication between OpenStack components becomes ubiquitous such that these bugs are the exception rather than the norm).

So probably we shouldn't consider this as an OSSA candidate and switch it from a vulnerability to a security hardening fix. Does anyone disagree?