Comment 5 for bug 1916926
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Glance leaks namespace existence to unauthorized users | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Okay, so to clarify, the current suggestion is to write a patch which disables the problem API method(s) with backports to all supported stable branches and attach them to this bug, decide on a disclosure date, privately notify downstream stakeholders with a copy of the patches and our timeline, then on the determined day switch this and perhaps related report(s) to public, push the changes to Gerrit and publish an advisory linking to them.
Thereafter, work will happen in public to recreate the intended functionality in a safer way.
Does that sum it up?