So I think the following set of tasks need to happen all at roughly the same time:
0. Pick the next OSSN number in sequence... looks like that should be OSSN-0088.
1. I will update this bug to Public Security, setting the security task Won't Fix and adding a security note bugtask assigned to Abhishek; I'll also remove the embargo preamble from the bug description and add [OSSN-0088] as a prefix on the title.
2. Abhishek (preferably) sends a copy of the security note from comment #13 to the openstack-announce mailing list with openstack-discuss in Cc (remember to prefix the subject with [OSSN-0088] when you do).
So I think the following set of tasks need to happen all at roughly the same time:
0. Pick the next OSSN number in sequence... looks like that should be OSSN-0088.
1. I will update this bug to Public Security, setting the security task Won't Fix and adding a security note bugtask assigned to Abhishek; I'll also remove the embargo preamble from the bug description and add [OSSN-0088] as a prefix on the title.
2. Abhishek (preferably) sends a copy of the security note from comment #13 to the openstack-announce mailing list with openstack-discuss in Cc (remember to prefix the subject with [OSSN-0088] when you do).
3. Someone paste a copy of the same into https:/ /wiki.openstack .org/w/ index.php? title=OSSN/ OSSN-0088& action= edit and save it.
4. I'll approve Abhishek's message through the openstack-announce moderation queue.
5. Someone pushes the default change for the master branch of openstack/glance to Gerrit for review.
Does this sound like a reasonable plan? If so, I'm ready to do #1 when Abhishek is ready to send the message for #2.