Comment 34 for bug 1235450

@Armando: we idea is to gather the necessary approvals for the patch on this bug (two core people saying +2). Then when the issue is made public we can propose it for review and get a single core reviewer to +2/APRV it based on the approvals collected on the bug. That way we can reduce the window where the vulnerability is public but no advisory has been published.

For more information on our workflow, see https://wiki.openstack.org/wiki/VulnerabilityManagement