Comment 9 for bug 1684320

Should we be considering this a duplicate, like for bug 968696 maybe? Also what is the prognosis for actually fixing it? Wondering if it falls into a redesign situation along the lines of report class B2 ("A vulnerability without a complete fix yet, security note for all versions, e.g., poor architecture / design") in our taxonomy? https://security.openstack.org/vmt-process.html#incident-report-taxonomy