Comment 3 for bug 1661333

I think fungi is specifically referring to comment #10 of bug 1188189 which seems to match this bug report: This certificate validation is skipped for a for serverside node-to-node communication that could be assumed to happen on private networks.

Unless mistaken, this doesn't deserve an advisory nor to be kept under embargo, it sounds like a class D type of report (according to https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).