Comment 4 for bug 1593799

If this was discussed in a public venue (I can't find mention of it in IRC logs so presumably it happened in voice chat instead?) then there's not a lot of point in maintaining an embargo. Also if the fix ends up just being a change to documentation or happens only in master (adding database tables doesn't seem likely to pass muster for a stable backport) then this would at most be a security note and not an advisory anyway.

It also seems like exploitation would be hard to target unless the operator is routinely purging Glance's DB.