Comment 5 for bug 1593799

The discussion was in the virtual mid-cycle meeting in bluejeans and I believe a recording is available.

Just one thing about the exploit -- combine this with https://bugs.launchpad.net/glance/+bug/1545092, and a bad actor could put the DB in a situation where it needs to be purged right away.

I don't think bug 1545092 has been publicized yet (there was going to be a combined security note about a few issues, iirc), maybe the recommendation for this bug could be rolled into that.