The discussion was in the virtual mid-cycle meeting in bluejeans and I believe a recording is available.
Just one thing about the exploit -- combine this with https://bugs.launchpad.net/glance/+bug/1545092, and a bad actor could put the DB in a situation where it needs to be purged right away.
I don't think bug 1545092 has been publicized yet (there was going to be a combined security note about a few issues, iirc), maybe the recommendation for this bug could be rolled into that.
The discussion was in the virtual mid-cycle meeting in bluejeans and I believe a recording is available.
Just one thing about the exploit -- combine this with https:/ /bugs.launchpad .net/glance/ +bug/1545092, and a bad actor could put the DB in a situation where it needs to be purged right away.
I don't think bug 1545092 has been publicized yet (there was going to be a combined security note about a few issues, iirc), maybe the recommendation for this bug could be rolled into that.