If this was discussed in a public venue (I can't find mention of it in IRC logs so presumably it happened in voice chat instead?) then there's not a lot of point in maintaining an embargo. Also if the fix ends up just being a change to documentation or happens only in master (adding database tables doesn't seem likely to pass muster for a stable backport) then this would at most be a security note and not an advisory anyway.
It also seems like exploitation would be hard to target unless the operator is routinely purging Glance's DB.
If this was discussed in a public venue (I can't find mention of it in IRC logs so presumably it happened in voice chat instead?) then there's not a lot of point in maintaining an embargo. Also if the fix ends up just being a change to documentation or happens only in master (adding database tables doesn't seem likely to pass muster for a stable backport) then this would at most be a security note and not an advisory anyway.
It also seems like exploitation would be hard to target unless the operator is routinely purging Glance's DB.