Comment 3 for bug 1425206

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote :

Oups I misread, adding ceilometer task.

@Jim well I agree with the need to fix this, especially if it's not an intended behavior. However, to my knowledge, it seems pretty clear that running OpenStack in DEBUG mode is not something you want in production or in any secure deployment. I'm not sure we would consider this OSSA materials since (1) I don't think we should backport it and alter behavior for already-released versions and (2) we always considered leaks in DEBUG logs as bugs rather than vulnerabilities.

Though you mention the ability to add breakpoints, which could be used maliciously... but preventing the use of a debugger wouldn't defeat the purpose of a DEBUG mode ?