Comment 10 for bug 1916926
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Glance leaks namespace existence to unauthorized users | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
While we don't normally draft security notes privately under embargo (unlike advisories), we have on occasion done so and notified downstream stakeholders with an advance copy prior to publication. This might be one of those times where private advance notification is prudent.
The process for writing an OSSN is documented here:
https:/
Would anyone like to have a go at writing up some guidance for this and the related bugs? I gather it involves policy configuration changes to disable some API method(s) but the specifics are where I cease to be useful on this matter. I'm happy to help with coordinating a publication date and getting it sent to the stakeholders.