Comment 11 for bug 1840895

Since there's been no objection, I'm switching this bug report to public and assessing as class D (security hardening opportunity) per the OpenStack VMT's report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy