Comment 4 for bug 1849624

Brian Rosmaita (brian-rosmaita) wrote :

First, we need to be clear that if the rbd_keyring_conf option is NOT used (which is the standard deployment scenario), this vulnerability does not arise.

Second, my proposal for fixing this is:
(1) Deprecate the option now (in Ussuri) for removal in V.
(2) Issue the OSSA explaining the problem and explaining that the mitigation is to not use the rbd_keyring_conf option.
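An added example, not part of the comment above or of Cinder's own code: a small audit that reports which sections of a cinder.conf set rbd_keyring_conf, so an operator can confirm the mitigation is in place. The sample file contents, section names and keyring paths are constructed, and treating `enabled_backends` in `[DEFAULT]` as the list of active backend sections is an assumption about the deployment.

```python
import configparser

OPTION = "rbd_keyring_conf"  # the option named in the comment above

# Constructed sample, not taken from a real deployment.
SAMPLE_CINDER_CONF = """\
[DEFAULT]
enabled_backends = ceph-ssd, ceph-hdd

[ceph-ssd]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
rbd_user = cinder
rbd_keyring_conf = /etc/ceph/ceph.client.cinder.keyring

[ceph-hdd]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
rbd_user = cinder
# rbd_keyring_conf = /etc/ceph/old.keyring

[ceph-retired]
rbd_keyring_conf = /etc/ceph/retired.keyring
"""

def find_keyring_conf(conf_text):
    """Return [(section, value, enabled)] for every section that sets OPTION."""
    # default_section is renamed so [DEFAULT] is parsed as an ordinary section
    # and its values are not copied into every backend section.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    enabled = set()
    if parser.has_option("DEFAULT", "enabled_backends"):
        raw = parser.get("DEFAULT", "enabled_backends")
        enabled = {name.strip() for name in raw.split(",") if name.strip()}
    findings = []
    for section in parser.sections():
        # Commented-out lines are skipped by the parser, so only live values count.
        value = parser.get(section, OPTION, fallback="").strip()
        if value:
            findings.append((section, value, section in enabled))
    return findings

if __name__ == "__main__":
    for section, value, enabled in find_keyring_conf(SAMPLE_CINDER_CONF):
        state = "enabled backend" if enabled else "section not in enabled_backends"
        print(f"[{section}] {OPTION} = {value} ({state})")
```

An empty result means no section sets the option, which is the standard deployment scenario the comment describes.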